3. Optional: Set Up LDAP Authentication

By default, Ambari uses an internal database as the user store for authentication and authorization. To add external LDAP authentication for Ambari Web alongside it, you need to edit the Ambari properties file.

Important

Ambari Server should not be running when you do this: either make the edits before you start Ambari Server the first time or bring the server down to make the edits.

  1. On the Ambari Server host, open /etc/ambari-server/conf/ambari.properties with a text editor.

  2. Make the following edits:

    1. Add the client security property and set it to ldap:

      client.security=ldap
    2. Add the following properties for the LDAP server, including whether to use SSL, whether you can bind to the server anonymously or if you need to provide manager credentials, the base DN, and so forth.

       

      Table 2.2. LDAP Server Properties

      | Property | Values | Description |
      |---|---|---|
      | authentication.ldap.useSSL | true or false | If true, use SSL when connecting to the LDAP server. |
      | authentication.ldap.primaryUrl | server:port | The hostname and port for the LDAP server. Example: my.ldap.server:389 |
      | authentication.ldap.secondaryUrl | server:port | The hostname and port for the secondary LDAP server. Example: my.secondary.ldap.server:389 |
      | authentication.ldap.baseDn | [Distinguished Name] | The base Distinguished Name to search in the directory for users. Example: ou=people,dc=hadoop,dc=apache,dc=org |
      | authentication.ldap.bindAnonymously | true or false | If true, bind to the LDAP server anonymously. |
      | authentication.ldap.managerDn | [Full Distinguished Name] | If Bind anonymous is set to false, the Distinguished Name (“DN”) for the manager. Example: uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org |
      | authentication.ldap.managerPassword | [password] | If Bind anonymous is set to false, the password for the manager. |
      | authentication.ldap.usernameAttribute | [LDAP attribute] | The attribute for username. Example: uid |
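
A pre-start consistency check for the edits above, as an added example (not Ambari code): it parses the properties text and applies the rules from Table 2.2, including the dependency of the manager credentials on bindAnonymously. The function names and the sample file content are constructed for illustration, and lowercase true/false is assumed.

```python
import re

# Constructed sample of the LDAP lines in ambari.properties (not from a real host).
SAMPLE = """\
client.security=ldap
authentication.ldap.useSSL=false
authentication.ldap.primaryUrl=my.ldap.server:389
authentication.ldap.baseDn=ou=people,dc=hadoop,dc=apache,dc=org
authentication.ldap.bindAnonymously=false
authentication.ldap.managerDn=uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org
authentication.ldap.usernameAttribute=uid
"""

P = "authentication.ldap."

def parse_properties(text):
    """Parse key=value lines; split on the first '=' only, since DNs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_ldap_settings(props):
    """Return a list of findings; an empty list means the settings are consistent."""
    findings = []
    if props.get("client.security") != "ldap":
        findings.append("client.security is not set to ldap")
    for flag in ("useSSL", "bindAnonymously"):
        if props.get(P + flag) not in ("true", "false"):
            findings.append(f"{P}{flag} must be true or false")
    if not re.fullmatch(r"[^\s:/]+:\d{1,5}", props.get(P + "primaryUrl", "")):
        findings.append(f"{P}primaryUrl must be server:port")
    for key in ("baseDn", "usernameAttribute"):
        if not props.get(P + key):
            findings.append(f"{P}{key} is missing")
    if props.get(P + "bindAnonymously") == "false":
        for key in ("managerDn", "managerPassword"):
            if not props.get(P + key):
                findings.append(f"{P}{key} is required when bindAnonymously=false")
        if props.get(P + "useSSL") == "false":
            findings.append("manager bind password is sent without SSL (useSSL=false)")
    return findings

if __name__ == "__main__":
    print("\n".join(check_ldap_settings(parse_properties(SAMPLE))) or "OK")
```

On the sample it reports the missing managerPassword and the non-SSL manager bind. Because managerPassword sits in the properties file in plain text, the file's ownership and mode are worth checking in the same pass.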


When you have made the necessary edits to the properties file, you can go on to start (or re-start) the server. Initially the users you have enabled will all have User privileges. Users can read metrics, view service status and configuration, and browse job information. For these new users to be able to start or stop services, modify configurations, and run smoke tests, they need to be Admins. To make this change, use the Ambari Web Admin View.

