Configure Atlas authentication for AD

How to configure Atlas to use AD for user authentication when using AD cluster-wide.

The settings indicated in these steps apply to Atlas authentication and it is likely that the values will be the same as you use to configure other services on the cluster.

  1. In Cloudera Manager, select the Atlas service, then open the Configuration tab.
  2. To display the authentication settings, type "authentication" in the Search box. You may need to scroll down to see all of the AD settings.
  3. Configure the following settings for AD authentication:
    Property Description Sample values
    Enable LDAP Authentication

    atlas.authentication.method.ldap

    Determines whether LDAP is used for authentication. true
    LDAP Authentication Type

    atlas.authentication.method.ldap.type

    The LDAP type (ldap, ad, or none). ad

    AD URL

    atlas.authentication.method.ldap.ad.url

    The AD server URL. ldap://<AD-Servername>:Port

    AD Bind DN Username

    atlas.authentication.method.ldap.ad.bind.dn

    Full distinguished name (DN), including common name (CN), of an AD user account that has privileges to search. cn=admin,dc=example,dc=com

    AD Bind DN Password

    atlas.authentication.method.ldap.ad.bind.password

    Password for the account that can search in AD. Secret123!
    AD Domain Name (Only for AD)

    atlas.authentication.method.ldap.ad.domain

    AD domain, only used if Authentication method is AD. example.com

    AD User Search Filter

    atlas.authentication.method.ldap.ad.user.searchfilter

    The AD user search filter. (&(sAMAccountName={0})(objectClass=user)(memberOf=cn=PTTOR-Contract-Big data Admin,OU=OR Data Platform,OU=PTTOR Distribution Manual Group,DC=pttor,DC=corp))

    AD Base DN

    atlas.authentication.method.ldap.ad.base.dn

    The Distinguished Name (DN) of the starting point for directory server searches. dc=example,dc=com

    AD User Default Role

    atlas.authentication.method.ldap.ad.default.role

    AD User default Role. ROLE_USER

    AD Referral

    atlas.authentication.method.ldap.ad.referral*

    See below. Defaults to ignore. follow

    * There are three possible values for atlas.authentication.method.ldap.ad.referral: follow, throw, and ignore. The recommended setting is follow.

    When searching a directory, the server might return several search results, along with a few continuation references that show where to obtain further results. These results and references might be interleaved at the protocol level.

    • When this property is set to follow, the AD service provider processes all of the normal entries first, and then follows the continuation references.

    • When this property is set to throw, all of the normal entries are returned in the enumeration first, before the ReferralException is thrown. By contrast, a "referral" error response is processed immediately when this property is set to follow or throw.

    • When this property is set to ignore, it indicates that the server should return referral entries as ordinary entries (or plain text). This might return partial results for the search. In the case of AD, a PartialResultException is returned when referrals are encountered while search results are processed.

  4. Click Save Changes.
  5. Restart the Atlas service.