Active Directory LDAP setup example

If the users for whom you want to enable authentication into Ambari UI are stored in Active Directory, you should configure Ambari to integrate directly against your AD instance. Selecting AD as an LDAP type helps the wizard configure some smarter defaults for the the attribute values that tend to work in most AD instances.

Gather details about your AD instance from your AD administrator and provide them as input to the ambari-server setup-ldap cli wizard. Verify the settings before you confirm them as AD instances can be configured in many ways.

To configure LDAP integration against AD using the cli wizard:

Run ambari-server setup-ldap on the Ambari server host.

Provide the following information about your domain.

Prompt	Example value for AD
Please select the type of LDAP you want to use :	AD
Primary URL Host*	ad.hortonworks.site
Primary URL Port	636
Secondary URL Host (optional)
Secondary URL Port (optional)
Use SSL*	true
Do you want to provide custom TrustStore for Ambari [y/n]	n
TrustStore type	jks
Path to TrustStore
Password for TrustStore
User object class	user
User name attribute*	sAMAccountName
Group object class*	group
Group name attribute*	cn
Group member attribute*	member
Distinguished name attribute*	distinguishedName
Search Base	CN=Users,dc=hortonworks,dc=site
Referral method*	follow
Bind anonymously*	false
Bind DN:	CN=ldapbind,CN=Users,dc=hortonworks,dc=site
Bind DN Password:
Handling behavior for username collisions:	convert
Force lower-case user names	true
Results from LDAP are paginated when requested	true

Verify your default settings.

Synchronize your LDAP users and groups.