Configure Atlas authentication for AD
How to configure Atlas to use AD for user authentication when using AD cluster-wide.
The settings indicated in these steps apply to Atlas authentication and it is likely that the values will be the same as you use to configure other services on the cluster.
- In Cloudera Manager, select the Atlas service, then open the Configuration tab.
- To display the authentication settings, type "authentication" in the Search box. You may need to scroll down to see all of the AD settings.
-
Configure the following settings for AD authentication:
Property Description Sample values Enable LDAP Authentication atlas.authentication.method.ldap
Determines whether LDAP is used for authentication. true
LDAP Authentication Type atlas.authentication.method.ldap.type
The LDAP type ( ldap
,ad
, ornone
).ad
AD URL
atlas.authentication.method.ldap.ad.url
The AD server URL. ldap://<AD-Servername>:Port
AD Bind DN Username
atlas.authentication.method.ldap.ad.bind.dn
Full distinguished name (DN), including common name (CN), of an AD user account that has privileges to search. cn=admin,dc=example,dc=com
AD Bind DN Password
atlas.authentication.method.ldap.ad.bind.password
Password for the account that can search in AD. Secret123!
AD Domain Name (Only for AD) atlas.authentication.method.ldap.ad.domain
AD domain, only used if Authentication method is AD. example.com AD User Search Filter
atlas.authentication.method.ldap.ad.user.searchfilter
The AD user search filter. (&(sAMAccountName={0})(objectClass=user)(memberOf=cn=PTTOR-Contract-Big data Admin,OU=OR Data Platform,OU=PTTOR Distribution Manual Group,DC=pttor,DC=corp))
AD Base DN
atlas.authentication.method.ldap.ad.base.dn
The Distinguished Name (DN) of the starting point for directory server searches. dc=example,dc=com
AD User Default Role
atlas.authentication.method.ldap.ad.default.role
AD User default Role. ROLE_USER
AD Referral
atlas.authentication.method.ldap.ad.referral
*See below. Defaults to ignore
.follow
* There are three possible values for
atlas.authentication.method.ldap.ad.referral
:follow
,throw
, andignore
. The recommended setting isfollow
.When searching a directory, the server might return several search results, along with a few continuation references that show where to obtain further results. These results and references might be interleaved at the protocol level.
-
When this property is set to
follow
, the AD service provider processes all of the normal entries first, and then follows the continuation references. -
When this property is set to
throw
, all of the normal entries are returned in the enumeration first, before theReferralException
is thrown. By contrast, a "referral" error response is processed immediately when this property is set tofollow
orthrow
. -
When this property is set to
ignore
, it indicates that the server should return referral entries as ordinary entries (or plain text). This might return partial results for the search. In the case of AD, aPartialResultException
is returned when referrals are encountered while search results are processed.
-
- Click Save Changes.
- Restart the Atlas service.