3. Optional: Set Up LDAP Authentication

By default, Ambari uses an internal database as the user store for authentication and authorization. To add external LDAP authentication for Ambari Web in addition to this internal store, edit the Ambari properties file.


Ambari Server should not be running when you do this: either make the edits before you start Ambari Server the first time or bring the server down to make the edits.

  1. On the Ambari Server host, open /etc/ambari-server/conf/ambari.properties with a text editor.

  2. Make the following edits:

    1. Add the client security property and set it to LDAP.

    2. Add the following properties for the LDAP server, including whether to use SSL, whether you can bind to the server anonymously or if you need to provide manager credentials, the base DN, and so forth.


      Table 2.2. LDAP Server Properties

      | Property | Values | Description |
      |---|---|---|
      | authentication.ldap.useSSL | true or false | If true, use SSL when connecting to the LDAP server. |
      |  |  | The hostname and port for the LDAP server. Example: my.ldap.server:389 |
      |  |  | The hostname and port for the secondary LDAP server. Example: my.secondary.ldap.server:389 |
      | authentication.ldap.baseDn | [Distinguished Name] | The base Distinguished Name to search in the directory for users. |
      | authentication.ldap.bindAnonymously | true or false | If true, bind to the LDAP server anonymously. |
      | authentication.ldap.managerDn | [Full Distinguished Name] | If Bind anonymous is set to false, the Distinguished Name (“DN”) for the manager. |
      | authentication.ldap.managerPassword | [password] | If Bind anonymous is set to false, the password for the manager. |
      | authentication.ldap.usernameAttribute | [LDAP attribute] | The attribute for username. Example: uid |

When you have made the necessary edits to the properties file, you can go on to start (or re-start) the server. Initially the users you have enabled will all have User privileges. Users can read metrics, view service status and configuration, and browse job information. For these new users to be able to start or stop services, modify configurations, and run smoke tests, they need to be Admins. To make this change, use the Ambari Web Admin View.
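Before restarting the server, the LDAP settings can be checked for the combinations that matter for security. The following is an added example, not part of Ambari or of the original page: it uses a simplified key=value parser, checks only properties named in Table 2.2, and the function names, finding texts and sample values are constructed for illustration.

```python
import os
import stat

PREFIX = "authentication.ldap."

# Constructed sample, not from a real deployment. DN values contain '=' themselves.
SAMPLE = """\
# LDAP section of ambari.properties
authentication.ldap.useSSL=false
authentication.ldap.baseDn=dc=example,dc=com
authentication.ldap.bindAnonymously=false
authentication.ldap.managerDn=uid=manager,dc=example,dc=com
authentication.ldap.usernameAttribute=uid
"""

def parse_properties(text):
    """Parse key=value lines, splitting on the first '=' only."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_ldap(props, file_mode=None):
    """Return a list of findings for the LDAP properties."""
    findings = []
    if props.get(PREFIX + "useSSL", "").lower() != "true":
        findings.append("useSSL is not true: LDAP binds are not protected by SSL")
    has_dn = bool(props.get(PREFIX + "managerDn"))
    has_pw = bool(props.get(PREFIX + "managerPassword"))
    if props.get(PREFIX + "bindAnonymously", "").lower() == "true":
        if has_dn or has_pw:
            findings.append("manager credentials are stored although bindAnonymously is true")
    else:
        if not has_dn:
            findings.append("managerDn is required when bindAnonymously is false")
        if not has_pw:
            findings.append("managerPassword is required when bindAnonymously is false")
    if has_pw and file_mode is not None and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file holds managerPassword and is readable by group or other")
    return findings

def audit_file(path):
    """Audit a properties file on disk, including its permission bits."""
    with open(path) as fh:
        return audit_ldap(parse_properties(fh.read()), os.stat(path).st_mode)

if __name__ == "__main__":
    for finding in audit_ldap(parse_properties(SAMPLE), 0o644):
        print(finding)
```

On the Ambari Server host, `audit_file("/etc/ambari-server/conf/ambari.properties")` runs the same checks against the real file and its permissions.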
