Configuring Ambari Authentication with LDAP/AD

Active Directory LDAP setup example

If the users for whom you want to enable authentication into the Ambari UI are stored in Active Directory, you should configure Ambari to integrate directly against your AD instance. Selecting AD as the LDAP type helps the wizard choose smarter defaults for the attribute values, which tend to work in most AD instances.

Gather details about your AD instance from your AD administrator and provide them as input to the ambari-server setup-ldap CLI wizard. Verify the settings before you confirm them, because AD instances can be configured in many ways.

To configure LDAP integration against AD using the CLI wizard:

  1. Run ambari-server setup-ldap on the Ambari server host.
  2. Provide the following information about your domain.
    Prompt | Example value for AD
    Please select the type of LDAP you want to use | AD
    Primary URL Host* |
    Primary URL Port | 636
    Secondary URL Host (optional) |
    Secondary URL Port (optional) |
    Use SSL* | true
    Do you want to provide custom TrustStore for Ambari [y/n] | n
    TrustStore type | jks
    Path to TrustStore |
    Password for TrustStore |
    User object class | user
    User name attribute* | sAMAccountName
    Group object class* | group
    Group name attribute* | cn
    Group member attribute* | member
    Distinguished name attribute* | distinguishedName
    Search Base | CN=Users,dc=hortonworks,dc=site
    Referral method* | follow
    Bind anonymously* | false
    Bind DN: | CN=ldapbind,CN=Users,dc=hortonworks,dc=site
    Bind DN Password: |
    Handling behavior for username collisions: | convert
    Force lower-case user names | true
    Results from LDAP are paginated when requested | true
  3. Verify your default settings.
Synchronize your LDAP users and groups.
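
One way to verify the values before confirming them in the wizard, as an added example that is not part of the original page or of Ambari: a POSIX shell pre-flight that refuses clear-text or anonymous settings and then runs an authenticated ldapsearch using the attribute names from the table. The host name ad01.example.test and the login jdoe are constructed placeholders, and the OpenLDAP ldapsearch client is assumed to be installed on the Ambari server host.

```shell
#!/bin/sh
# Added example: pre-flight check for the answers you plan to give setup-ldap.

# ldap_uri USE_SSL HOST PORT: print the LDAPS URI, or fail if the bind
# password would travel unencrypted.
ldap_uri() {
    [ -n "$2" ] || { echo "Primary URL Host is required" >&2; return 1; }
    [ "$1" = "true" ] || { echo "Use SSL must be true" >&2; return 1; }
    # Assumption: 389 is the plain LDAP port, so pairing it with SSL is a typo.
    [ "$3" != "389" ] || { echo "port 389 is plain LDAP; use 636" >&2; return 1; }
    printf 'ldaps://%s:%s\n' "$2" "$3"
}

# user_filter OBJECT_CLASS NAME_ATTR LOGIN: print the search filter, rejecting
# login names that contain LDAP filter metacharacters.
user_filter() {
    case $3 in
        ''|*'*'*|*'('*|*')'*|*'\'*)
            echo "invalid login name for filter" >&2; return 1 ;;
    esac
    printf '(&(objectClass=%s)(%s=%s))\n' "$1" "$2" "$3"
}

# preflight HOST PORT USE_SSL BIND_DN SEARCH_BASE LOGIN
preflight() {
    uri=$(ldap_uri "$3" "$1" "$2") || return 1
    [ -n "$4" ] || { echo "Bind DN required (Bind anonymously is false)" >&2; return 1; }
    filter=$(user_filter user sAMAccountName "$6") || return 1
    # -x simple bind; -W prompts for the password so it stays out of argv
    # and shell history; -LLL prints terse LDIF.
    ldapsearch -x -LLL -H "$uri" -D "$4" -W -b "$5" "$filter" \
        distinguishedName sAMAccountName
}

# Usage: sh preflight.sh ad01.example.test 636 true \
#   'CN=ldapbind,CN=Users,dc=hortonworks,dc=site' \
#   'CN=Users,dc=hortonworks,dc=site' jdoe
if [ "$#" -eq 6 ]; then
    preflight "$@"
fi
```

If the search exits successfully but returns no entry, the bind worked and the search base or user name attribute does not match your directory. A TLS error at this stage means the host does not trust the AD certificate, which is the case the custom TrustStore prompt addresses.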