Hello Rob,
Thank you for your reply.
1) I am using apache ambari version 2.1.2
2) authentication.ldap.groupMembershipAttr value in my ambari.properties
file is as following. authentication.ldap.groupMembershipAttr=memberUid
3) The schema of my ldap server is as following.
++++++++++++++++++++++++++++ ~# ldapsearch -x -h
ldapserver.arcbigdata.com -b "dc=arcbigdata,dc=com" # extended LDIF # #
LDAPv3 # base <dc=arcbigdata,dc=com> with scope subtree # filter:
(objectclass=*) # requesting: ALL # # arcbigdata.com dn:
dc=arcbigdata,dc=com objectClass: top objectClass: dcObject objectClass:
organization o: ARC dc: arcbigdata # admin, arcbigdata.com dn:
cn=admin,dc=arcbigdata,dc=com objectClass: simpleSecurityObject
objectClass: organizationalRole cn: admin description: LDAP
administrator # groups, arcbigdata.com dn:
ou=groups,dc=arcbigdata,dc=com objectClass: organizationalUnit
objectClass: top ou: groups # hadoop_admin, groups, arcbigdata.com dn:
cn=hadoop_admin,ou=groups,dc=arcbigdata,dc=com gidNumber: 500
objectClass: posixGroup objectClass: top cn: hadoop_admin #
hadoop_operator, groups, arcbigdata.com dn:
cn=hadoop_operator,ou=groups,dc=arcbigdata,dc=com gidNumber: 501 cn:
hadoop_operator objectClass: posixGroup objectClass: top # hadoop_users,
groups, arcbigdata.com dn:
cn=hadoop_users,ou=groups,dc=arcbigdata,dc=com gidNumber: 502 cn:
hadoop_users objectClass: posixGroup objectClass: top # huser1,
hadoop_users, groups, arcbigdata.com dn:
cn=huser1,cn=hadoop_users,ou=groups,dc=arcbigdata,dc=com cn: huser1
givenName: h gidNumber: 502 homeDirectory: /home/users/huser1 sn: user1
loginShell: /bin/sh objectClass: inetOrgPerson objectClass: posixAccount
objectClass: top uidNumber: 1000 uid: huser1 # hoperator1,
hadoop_operator, groups, arcbigdata.com dn:
cn=hoperator1,cn=hadoop_operator,ou=groups,dc=arcbigdata,dc=com cn:
hoperator1 givenName: h gidNumber: 501 homeDirectory:
/home/users/hoperator1 sn: operator1 loginShell: /bin/sh objectClass:
inetOrgPerson objectClass: posixAccount objectClass: top uidNumber: 1001
uid: hoperator1 # hadmin1, hadoop_admin, groups, arcbigdata.com dn:
cn=hadmin1,cn=hadoop_admin,ou=groups,dc=arcbigdata,dc=com cn: hadmin1
givenName: h gidNumber: 500 homeDirectory: /home/users/hadmin1 sn:
admin1 loginShell: /bin/sh objectClass: inetOrgPerson objectClass:
posixAccount objectClass: top uidNumber: 1002 uid: hadmin1 # search
result search: 2 result: 0 Success # numResponses: 10 # numEntries: 9
++++++++++++++++++++++++++++++++++++++++++
As I am not very much familiar with LDAP so may be I am providing wrong
value in authentication.ldap.groupMembershipAttr.
Can you please help me on this?
Regards,
Pratip
On Monday 07 March 2016 06:57 PM, Robert Levas wrote:
What version of Ambari and LDAP server are you using. I believe before Ambari
2.1 there was an issue syncing with OpenLDAP.
Maybe you are hitting this issue. Else maybe there is an issue with your
configuration where the group membership link isn correct and Ambari is trying
to look up an incorrect field. Make sure the
authentication.ldap.groupMembershipAttr value in your ambari.properties file
matches the schema in your LDAP sever.
Rob
On 3/7/16, 7:59 AM, "Pratip Ghosh" <[email protected]> wrote:
Hi
I want to sync membership info just like users & groups from LDAP to
ambari database but its not happening in actual.
All users and groups ware syncing but membership not syncing from LDAP
to ambari.
Can anybody help me out on this?
*********************************************
# ambari-server sync-ldap --all
Using python /usr/bin/python2.7
Syncing with LDAP...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Syncing
all..................................................................
Completed LDAP Sync.
Summary:
memberships:
removed = 0
created = 0
users:
updated = 0
removed = 2
created = 1
groups:
updated = 0
removed = 3
created = 3
Ambari Server 'sync-ldap' completed successfully.
*********************************************************
