Port requirements for AD in Cloudera Data Warehouse Private Cloud

Review the ports that you must use for Active Directory (AD) in Cloudera Data Warehouse (CDW) Private Cloud. Cloudera recommends that you use AD Global Catalog ports 3268 and 3269 if you are using LDAP referrals.

In CDW, neither Hive nor Impala can use the standard LDAP referrals. Therefore, you cannot use the standard LDAP ports 389 and 636 for TLS/SSL with AD. Instead, you must use Active Directory Global Catalog ports 3268 and 3269 for TLS/SSL.

CDW performs port validation when you activate an environment in CDW. The validation process reports a problem only if you have configured AD but have not included a port in the LDAP URL in the Management Console. In this scenario, the Database Catalog does not reach the Ready state, and you see the following error:
Active Directory servers should be used through the Global Catalog ports: 3268/3269
If you specify any port number in the LDAP URL, then no error message is displayed.
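
Because the built-in validation accepts any explicit port, a URL that uses 389 or 636 passes it even though referrals will not work for Hive or Impala. The following pre-activation check is an added example, not Cloudera code; the function name, status labels, and ad.example.com host names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

GLOBAL_CATALOG_PORTS = {3268, 3269}  # AD Global Catalog ports named on this page
STANDARD_LDAP_PORTS = {389, 636}     # standard LDAP ports named on this page


def check_ldap_url(url):
    """Classify an LDAP URL before it is entered in the Management Console.

    Returns (status, message). The status labels are hypothetical names
    chosen for this example.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        return ("invalid", "expected ldap://host:port or ldaps://host:port")
    try:
        port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return ("invalid", "port is not a number in the range 0-65535")
    if port is None:
        # The one case CDW's own validation reports.
        return ("missing_port",
                "no port in URL: the Database Catalog will not reach Ready")
    if port in GLOBAL_CATALOG_PORTS:
        return ("ok", f"Global Catalog port {port}")
    if port in STANDARD_LDAP_PORTS:
        # Passes CDW validation silently, but Hive and Impala cannot follow referrals.
        return ("referrals_unsupported",
                f"port {port} is accepted by CDW validation, but LDAP referrals "
                "are not followed; use 3268 or 3269 with AD")
    return ("unverified_port",
            f"port {port} is accepted by CDW validation; confirm that it "
            "serves the AD Global Catalog")


if __name__ == "__main__":
    # Constructed sample URLs, not taken from a real deployment.
    samples = [
        "ldap://ad.example.com",
        "ldap://ad.example.com:389",
        "ldaps://ad.example.com:636",
        "ldaps://ad.example.com:3269",
    ]
    for sample in samples:
        status, message = check_ldap_url(sample)
        print(f"{sample:32} {status:22} {message}")
```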