Atlas - stanislawbartkowski/hdpactivedirectory GitHub Wiki
Atlas and LDAP/AD
Enabling Atlas for LDAP/AD authentication is simple and straightforward.
Atlas and LDAP
Important: in the end, I was unable to activate on OpenLDAP. This solution is not working. It seems that Atlas authenticator is adding an additional filter to group searching and this filter is rejected by OpenLDAP as "not found".
op=0 SRCH attr=cn objectClass javaSerializedData javaClassName javaFactory javaCodeBase javaReferenceAddress javaClassNames javaRemoteLocation
Below are practical steps for OpenLDAP and non-secure LDAP.
Collect necessary information
| Parameter | Description | Sample value |
|---|---|---|
| atlas.authentication.method.ldap.url | URL to access OpenLDAP | (non-secure) ldap://thinkde:389 |
| atlas.authentication.method.ldap.userDNpattern | Pattern to create LDAP DN using user login name | cn={0},ou=users,dc=sb,dc=com |
| atlas.authentication.method.ldap.groupSearchBase | Search base for groups | ou=groups,dc=sb,dc=com |
| atlas.authentication.method.ldap.groupRoleAttribute | Attribute holding the group name | cn |
| atlas.authentication.method.ldap.base.dn | LDAP search base | dc=sb,dc=com |
| atlas.authentication.method.ldap.bind.dn | Bind (proxy) user; it is good practice to use a read-only user here | uid=proxy,ou=users,dc=sb,dc=com |
| atlas.authentication.method.ldap.bind.password | Password for the bind user | secret |
| atlas.authentication.method.ldap.referral | | ignore |
| atlas.authentication.method.ldap.groupSearchFilter | | (member=cn={1}) |
| atlas.authentication.method.ldap.user.searchfilter | | (cn={0}) |
| atlas.authentication.method.ldap.default.role | | ROLE_USER |
Run ldapsearch command
Run the command to make sure that the bind user and password are valid and that the bind user is authorized to scan the LDAP tree.
```
ldapsearch -x -H ldap://thinkde:389 -b "dc=sb,dc=com" -D "cn=proxy,ou=users,dc=sb,dc=com" -w secret
.............
# admins, groups, sb.com
dn: cn=admins,ou=groups,dc=sb,dc=com
cn: admins
member: cn=admin
objectClass: groupOfNames
objectClass: top
# search result
search: 2
result: 0 Success
# numResponses: 7
# numEntries: 6
```
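An added example, not part of the original wiki: a dry-run script that expands the `userDNpattern` and `groupSearchFilter` values from the table and prints the `ldapsearch` commands for checking the end-user bind and the group search separately. It assumes `{0}` and `{1}` are both replaced by the login name; the login `admin` is a constructed sample, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the wiki): dry-run the LDAP lookups implied by the
# Atlas settings. Values are the table's sample values; the meaning of {0}/{1}
# (both replaced by the login name) is an assumption.
LDAP_URL='ldap://thinkde:389'
USER_DN_PATTERN='cn={0},ou=users,dc=sb,dc=com'
GROUP_SEARCH_BASE='ou=groups,dc=sb,dc=com'
GROUP_SEARCH_FILTER='(member=cn={1})'
GROUP_ROLE_ATTR='cn'
BIND_DN='uid=proxy,ou=users,dc=sb,dc=com'

# Escape characters that are special inside an LDAP search filter (RFC 4515).
# The backslash is handled first so later escapes are not escaped again.
escape_filter() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Replace the first occurrence of placeholder $2 in pattern $1 with value $3.
expand() {
  case $1 in
    *"$2"*) printf '%s%s%s' "${1%%"$2"*}" "$3" "${1#*"$2"}" ;;
    *)      printf '%s' "$1" ;;
  esac
}

# Accept only logins that need no DN escaping (RFC 4514 specials are refused).
valid_login() {
  case $1 in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

user_dn()      { valid_login "$1" && expand "$USER_DN_PATTERN" '{0}' "$1"; }
group_filter() { expand "$GROUP_SEARCH_FILTER" '{1}' "$(escape_filter "$1")"; }

# Print (do not run) the two checks; -W prompts for the password instead of
# exposing it in the process list as -w does.
preflight() {
  dn=$(user_dn "$1") || { echo "refusing login: $1" >&2; return 1; }
  echo "ldapsearch -x -H $LDAP_URL -D '$dn' -W -b '$dn' -s base '(objectClass=*)' 1.1"
  echo "ldapsearch -x -H $LDAP_URL -D '$BIND_DN' -W -b '$GROUP_SEARCH_BASE'" \
       "'$(group_filter "$1")' $GROUP_ROLE_ATTR"
}

preflight admin   # constructed login, matching "member: cn=admin" above
```

If the first printed command fails, the problem is the DN pattern or the user's password; if only the second returns nothing, the problem is the group base, the filter, or the bind user's read access.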
Configure Atlas
Ambari->Atlas->Configs->Advanced
Authentication Method->Enable LDAP Authentication
LDAP/AD -> Select LDAP
Fill in the form with all the information collected. Some properties already have default values; do not change them.
Restart Atlas