Thanks, Robert, for the quick reply. I am copying the DN from Active Directory: CN=Darpan Patel,CN=Users,DC=test,DC=com and keeping the same while configuring the Ambari LDAP setting, i.e. Manager DN*: CN=Darpan Patel,CN=Users,DC=test,DC=com
But the error is still the same:

Syncing all.ERROR: Exiting with exit code 1.
REASON: Sync event creation failed. Error details: HTTP Error 403: Bad credentials

On 17 December 2015 at 21:51, Robert Levas <[email protected]> wrote:

> Darpan…
>
> The Manager DN request is expecting a distinguished name value, not a
> principal name. A distinguished name would look something like
> *CN=darpan,CN=Users,DC=test,DC=com*, which may reference the same account
> as [email protected] (which would be the userPrincipalName) or darpan
> (which would be sAMAccountName).
>
> Rob
>
>
> From: Darpan Patel <[email protected]>
> Reply-To: "[email protected]" <[email protected]>
> Date: Thursday, December 17, 2015 at 4:35 PM
> To: "[email protected]" <[email protected]>
> Subject: Re: Need help in Ambari - Active Directory Integration
>
> Many thanks, Robert.
>
> I made the corresponding changes, specifying bind anonymously as
> false. Thanks, the old issue is gone now. But I am still facing a strange
> issue. I am giving the Manager DN = [email protected] and trying to sync
> all the users of AD, but on the console I see:
>
> *Syncing all.ERROR: Exiting with exit code 1.*
> *REASON: Sync event creation failed. Error details: HTTP Error 403: Bad
> credentials*
>
> *(It is kind of strange because I just issued the valid TGT using kinit
> [email protected] <[email protected]> without any issues!!!!)*
>
> There is only one line in the logs:
> 17 Dec 2015 21:24:07,682 INFO [qtp-client-23]
> FilterBasedLdapUserSearch:89 - SearchBase not set. Searches will be
> performed from the root: cn=Users,dc=test,dc=com
>
> Regards,
> DP
>
>
> On 17 December 2015 at 17:55, Robert Levas <[email protected]> wrote:
>
>> However, I don’t think that these changes will help with the
>> authentication/bind issue. For that, when asked to bind anonymously, you
>> should answer *false* and then set the Manager DN value to the DN of a
>> user with read access to the specified container in your Active Directory.
>>
>> I hope this helps,
>>
>> Rob
>>
>>
>> From: Darpan Patel <[email protected]>
>> Reply-To: "[email protected]" <[email protected]>
>> Date: Thursday, December 17, 2015 at 12:20 PM
>> To: "[email protected]" <[email protected]>
>> Subject: Re: Need help in Ambari - Active Directory Integration
>>
>> Forgot to mention that logs show Naming Exception.
>> [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order
>> to perform this operation a successful bind must be completed on the
>> connection., data 0, v1db1]; remaining name 'CN=Users,DC=test,DC=com'
>>
>> 17 Dec 2015 16:36:08,801 FATAL [pool-7-thread-1]
>> AbstractRequestControlDirContextProcessor:186 - No matching response
>> control found for paged results - looking for 'class
>> javax.naming.ldap.PagedResultsResponseControl
>> 17 Dec 2015 16:36:08,802 ERROR [pool-7-thread-1]
>> LdapSyncEventResourceProvider:434 - Caught exception running LDAP sync.
>> *org.springframework.ldap.UncategorizedLdapException: Uncategorized
>> exception occured during LDAP processing; nested exception is
>> javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr:
>> DSID-0C0906E8, comment: In order to perform this operation a successful
>> bind must be completed on the connection., data 0, v1db1]; remaining name
>> 'CN=Users,DC=test,DC=com'*
>> at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:217)
>> at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
>> at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
>> at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:606)
>> at org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator.getFilteredLdapUsers(AmbariLdapDataPopulator.java:549)
>>
>>
>> On 17 December 2015 at 17:19, Darpan Patel <[email protected]> wrote:
>>
>>> Hi guys,
>>>
>>> I am trying to integrate A/D 2012 Server with Ambari.
>>> I have a doubt that some of the properties are not correct.
>>> I have tried various permutations and combinations but have not been successful yet.
>>> Could anyone review and help fix it?
>>>
>>> *Active directory domain controller* name is : TEST.COM
>>>
>>> On the console here are the values I am passing:
>>> *$ambari-server setup-ldap*
>>>
>>> Setting up LDAP properties...
>>> *Primary URL* {host:port}* :IP_OF_AD_SERVER:389
>>> *Use SSL* [true/false] *: false
>>> *User object class** :person
>>> *User name attribute** :sAMAccountName
>>> *Group object class* :*User
>>> *Group name attribute* : *User
>>> *Group member attribute* :*member
>>> *Distinguished name attribute* :*CN=Users,DC=test,DC=com
>>> *Base DN* :*CN=Users,DC=test,DC=com
>>> *Referral method [follow/ignore] :*ignore
>>> *Bind anonymously* [*true/false] :true
>>>
>>> ====================
>>> Review Settings
>>> ====================
>>> Save settings [y/n] (y)?y
>>> Saving...done
>>> Ambari Server 'setup-ldap' completed successfully.
>>>
>>>
>>> Regards,
>>> DP
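
An added example (not part of the thread and not Ambari code): a Python check of the form of the values discussed above. It tells a distinguished name from a userPrincipalName or sAMAccountName, including DNs with backslash-escaped commas, and flags setup-ldap answers that hold the wrong kind of value. The dictionary keys and the `darpan@TEST.COM` sample are assumptions made for illustration; the check only inspects strings and never contacts the directory.

```python
import re

ATTR_TYPE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*")  # RFC 4514 attribute type

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped (RFC 4514)."""
    parts = re.findall(r"(?:\\.|[^,\\])+", dn)
    return parts if ",".join(parts) == dn else []  # empty RDN or stray backslash

def parse_dn(value):
    """Return [(ATTR, value), ...] for a well-formed DN, else None ('+' RDNs not handled)."""
    rdns = []
    for rdn in split_rdns(value.strip()):
        attr, eq, val = rdn.strip().partition("=")
        if not eq or not ATTR_TYPE.fullmatch(attr.strip()) or not val.strip():
            return None
        rdns.append((attr.strip().upper(), val.strip()))
    return rdns or None

def classify_identity(value):
    """Name which of the three account-name forms from the thread a value has."""
    value = value.strip()
    if parse_dn(value):
        return "distinguishedName"
    if re.fullmatch(r"[^@\s,=]+@[^@\s,=]+", value):
        return "userPrincipalName"
    return "sAMAccountName" if re.fullmatch(r"[^@\s,=\\]+", value) else "unrecognized"

def lint_setup_ldap(answers):
    """Flag answers of the wrong kind; the keys are hypothetical labels, not Ambari's."""
    findings = []
    if answers.get("bind_anonymously", "").lower() == "true":
        findings.append("bind_anonymously: true, but the directory required a bind")
    elif (form := classify_identity(answers.get("manager_dn", ""))) != "distinguishedName":
        findings.append(f"manager_dn: {form} given, distinguished name expected")
    for key in ("dn_attribute", "group_name_attribute"):
        if parse_dn(answers.get(key, "")):
            findings.append(f"{key}: holds a DN, an attribute name is expected")
    return findings

# Constructed from the answers shown in the first message of the thread.
FIRST_ATTEMPT = {"bind_anonymously": "true", "manager_dn": "",
                 "dn_attribute": "CN=Users,DC=test,DC=com", "group_name_attribute": "User"}
# Constructed: a principal-style name entered where a DN is expected.
UPN_AS_MANAGER = {"bind_anonymously": "false", "manager_dn": "darpan@TEST.COM"}

if __name__ == "__main__":
    for sample in (FIRST_ATTEMPT, UPN_AS_MANAGER):
        print(lint_setup_ldap(sample))
```

A value that passes this check is only well-formed; as the latest message shows, a correctly formed Manager DN can still be rejected with `Bad credentials`.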
