Configure Atlas authentication for AD

How to configure Atlas to use AD for user authentication when using AD cluster-wide.

The settings indicated in these steps apply to Atlas authentication and it is likely that the values will be the same as you use to configure other services on the cluster.

In Cloudera Manager, select the Atlas service, then open the Configuration tab.
To display the authentication settings, type "authentication" in the Search box. You may need to scroll down to see all of the AD settings.

Configure the following settings for AD authentication:


Property	Description	Sample values
Enable LDAP Authentication `atlas.authentication.method.ldap`	Determines whether LDAP is used for authentication.	`true`
LDAP Authentication Type `atlas.authentication.method.ldap.type`	The LDAP type (`ldap`, `ad`, or `none`).	`ad`
AD URL `atlas.authentication.method.ldap.ad.url`	The AD server URL.	`ldap://<AD-Servername>:Port`
AD Bind DN Username `atlas.authentication.method.ldap.ad.bind.dn`	Full distinguished name (DN), including common name (CN), of an AD user account that has privileges to search.	`cn=admin,dc=example,dc=com`
AD Bind DN Password `atlas.authentication.method.ldap.ad.bind.password`	Password for the account that can search in AD.	`Secret123!`
AD Domain Name (Only for AD) `atlas.authentication.method.ldap.ad.domain`	AD domain, only used if Authentication method is AD.	example.com
AD User Search Filter `atlas.authentication.method.ldap.ad.user.searchfilter`	The AD user search filter.	`(&(sAMAccountName={0})(objectClass=user)(memberOf=cn=PTTOR-Contract-Big data Admin,OU=OR Data Platform,OU=PTTOR Distribution Manual Group,DC=pttor,DC=corp))` note The `{0}` place holder is required in configuration to substitute to fill in with a valid user name to build the search filter.
AD Base DN `atlas.authentication.method.ldap.ad.base.dn`	The Distinguished Name (DN) of the starting point for directory server searches.	`dc=example,dc=com`
AD User Default Role `atlas.authentication.method.ldap.ad.default.role`	AD User default Role.	`ROLE_USER`
AD Referral `atlas.authentication.method.ldap.ad.referral`^*	See below. Defaults to `ignore`.	`follow`

^* There are three possible values for atlas.authentication.method.ldap.ad.referral: follow, throw, and ignore. The recommended setting is follow.

When searching a directory, the server might return several search results, along with a few continuation references that show where to obtain further results. These results and references might be interleaved at the protocol level.

When this property is set to follow, the AD service provider processes all of the normal entries first, and then follows the continuation references.
When this property is set to throw, all of the normal entries are returned in the enumeration first, before the ReferralException is thrown. By contrast, a "referral" error response is processed immediately when this property is set to follow or throw.
When this property is set to ignore, it indicates that the server should return referral entries as ordinary entries (or plain text). This might return partial results for the search. In the case of AD, a PartialResultException is returned when referrals are encountered while search results are processed.

Click Save Changes.
Restart the Atlas service.