Darpan…

The Manager DN request is expecting a distinguished name value, not a principal name. A distinguished name would look something like CN=darpan,CN=Users,DC=test,DC=com, which may reference the same account as [email protected] (which would be the userPrincipalName) or darpan (which would be the sAMAccountName).

Rob

From: Darpan Patel <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Thursday, December 17, 2015 at 4:35 PM
To: "[email protected]" <[email protected]>
Subject: Re: Need help in Ambari - Active Directory Integration

Many thanks Robert. I made the corresponding changes and specified bind anonymously as false. Thanks, the old issue is gone now. But I am still facing a strange issue.

I am giving the Manager DN = [email protected] and trying to sync all the users of AD, but on the console I see:

Syncing all.ERROR: Exiting with exit code 1. REASON: Sync event creation failed. Error details: HTTP Error 403: Bad credentials

(It is kind of strange because I just issued the valid TGT using kinit [email protected] without any issues!!!!)

There is only one line in the logs:

17 Dec 2015 21:24:07,682 INFO [qtp-client-23] FilterBasedLdapUserSearch:89 - SearchBase not set. Searches will be performed from the root: cn=Users,dc=test,dc=com

Regards,
DP

On 17 December 2015 at 17:55, Robert Levas <[email protected]> wrote:

However, I don’t think that these changes will help with the authentication/bind issue. For that, when asked to bind anonymously, you should answer false and then set the Manager DN value to the DN of a user with read access to the specified container in your Active Directory.

I hope this helps,

Rob

From: Darpan Patel <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Thursday, December 17, 2015 at 12:20 PM
To: "[email protected]" <[email protected]>
Subject: Re: Need help in Ambari - Active Directory Integration

Forgot to mention that the logs show a Naming Exception.

[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'CN=Users,DC=test,DC=com'
17 Dec 2015 16:36:08,801 FATAL [pool-7-thread-1] AbstractRequestControlDirContextProcessor:186 - No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl
17 Dec 2015 16:36:08,802 ERROR [pool-7-thread-1] LdapSyncEventResourceProvider:434 - Caught exception running LDAP sync.
org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'CN=Users,DC=test,DC=com'
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:217)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:606)
    at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.getFilteredLdapUsers(AmbariLdapDataPopulator.java:549)

On 17 December 2015 at 17:19, Darpan Patel <[email protected]> wrote:

Hi guys,

I am trying to integrate A/D 2012 Server with Ambari. I have a doubt that some of the properties are not correct. I have tried various permutations and combinations but have not been successful yet. Could anyone review and help fix it?

Active Directory domain controller name is: TEST.COM

On the console here are the values I am passing:

$ambari-server setup-ldap
Setting up LDAP properties...
Primary URL* {host:port} :IP_OF_AD_SERVER:389
Use SSL* [true/false] : false
User object class* :person
User name attribute* :sAMAccountName
Group object class* :User
Group name attribute* : User
Group member attribute* :member
Distinguished name attribute* :CN=Users,DC=test,DC=com
Base DN* :CN=Users,DC=test,DC=com
Referral method [follow/ignore] :ignore
Bind anonymously* [true/false] :true
====================
Review Settings
====================
Save settings [y/n] (y)?y
Saving...done
Ambari Server 'setup-ldap' completed successfully.

Regards,
DP
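
An added example, not part of the original thread or of Ambari: a small Python check that tells a distinguished name apart from a userPrincipalName or sAMAccountName, and reviews setup-ldap answers like those posted above before they are saved. The function names, the dict keyed by prompt label, and the finding strings are assumptions made for this illustration.

```python
import re

# One RDN in RFC 4514 form: attributeType=value; the value may hold backslash escapes.
_RDN = re.compile(r"\s*([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)\s*=\s*((?:\\.|[^\\,+])+)")
_ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")

def split_dn(value):
    """Return [(attribute, value), ...] for a distinguished name, else None."""
    pairs, pos = [], 0
    while True:
        m = _RDN.match(value, pos)
        if not m:
            return None
        pairs.append((m.group(1), m.group(2)))
        pos = m.end()
        if pos == len(value):
            return pairs
        if value[pos] not in ",+":
            return None
        pos += 1

def classify_identity(value):
    """'dn', 'upn' (user@domain) or 'sam' (bare account name)."""
    if split_dn(value):
        return "dn"
    return "upn" if re.fullmatch(r"[^@\s]+@[^@\s]+", value) else "sam"

def review_setup(settings):
    """Findings for a dict of setup-ldap answers keyed by prompt label."""
    findings = []
    if settings.get("Bind anonymously", "").lower() == "true":
        # The LDAP error 000004DC logged in the thread: a bind must complete first.
        findings.append("anonymous bind: directory requires a successful bind")
    elif (kind := classify_identity(settings.get("Manager DN", ""))) != "dn":
        findings.append(f"Manager DN is a {kind}, expected a distinguished name")
    for key, val in settings.items():
        # An attribute prompt takes an attribute name, never a DN or filter.
        if key.endswith("attribute") and not _ATTR_NAME.match(val):
            findings.append(f"{key}: {val!r} is not an attribute name")
    return findings

# Answers from the first attempt posted in the thread, keyed by prompt label.
POSTED = {
    "User name attribute": "sAMAccountName",
    "Distinguished name attribute": "CN=Users,DC=test,DC=com",
    "Bind anonymously": "true",
}

if __name__ == "__main__":
    print("\n".join(review_setup(POSTED)))
```
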
