Pivotal Knowledge Base


Ambari: local user is authenticated against LDAP


Product        Version
Pivotal HDP    3.x
OS             All supported
HDP            2.2.x, 2.3.x, 2.4.x


When a local user (e.g. administrator) logs in, the login query is sent to the LDAP server. This is not expected because the user is local.

Error Message:

The following traces are found in the LDAP access log.

[2016-06-09 09:53:05.259] CONNECT conn=274712 from=xx.xx.xx.xx:59518 to=xx.xx.xx.xx:6362 protocol=LDAPS
[2016-06-09 09:53:05.259] BIND conn=274712 op=0 msgID=1 version=3 type=SIMPLE dn="uid=administrator,ou=people,dc=example,dc=com" result=0 authDN="uid=bounduser,ou=people,dc=example,dc=com" etime=147335
[2016-06-09 09:53:05.259] SEARCH conn=274712 op=1 msgID=2 base="ou=people,dc=example,dc=com" scope=sub filter="(&(member=uid=administrator,ou=people,dc=example,dc=com)(objectclass=group)(|(cn=Ambari Administrators)))" attrs="ALL" requestControls=2.16.840.1.113730.3.4.2 result=0 nentries=0 etime=102178
[2016-06-09 09:53:05.259] UNBIND conn=274712 op=2 msgID=3
[2016-06-09 09:53:05.259] DISCONNECT conn=274712 reason="Client Unbind"


The user "administrator" exists in both LDAP and Ambari. During user sync in Ambari, any local user that also has an account in LDAP is converted to an LDAP user; therefore, subsequent logins are performed against LDAP.


Create a local user with a name that does not exist in the LDAP directory.
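To find which accounts are affected, the access log can be scanned for BIND operations made as users that are supposed to be local. The following is an added example, not code from Pivotal or Ambari; the function names, the set of expected local users and the sample log lines are assumptions constructed for illustration, following the log layout shown above.

```python
import re

# Layout taken from the access-log lines above: "[timestamp] OPERATION key=value ..."
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+(?P<op>[A-Z]+)\s+(?P<rest>.*)$')
# Values are either double-quoted (DNs, filters) or bare tokens.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Split one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    # Stored under separate keys so the log's own op=N field is not overwritten.
    rec.update(ts=m.group("ts"), operation=m.group("op"))
    return rec

def uid_of(dn):
    """Return the lower-cased uid from a DN such as uid=name,ou=people,..."""
    m = re.match(r"uid=([^,]+),", dn, re.IGNORECASE)
    return m.group(1).lower() if m else None

def ldap_binds_for_local_users(log_lines, expected_local):
    """List (timestamp, uid, client, result) for every BIND as a user expected to be local."""
    expected = {u.lower() for u in expected_local}
    client_by_conn = {}  # conn id -> "ip:port" taken from the CONNECT line
    hits = []
    for line in log_lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in the access-log format
        conn = rec.get("conn")
        if rec["operation"] == "CONNECT":
            client_by_conn[conn] = rec.get("from", "unknown")
        elif rec["operation"] == "BIND":
            uid = uid_of(rec.get("dn", ""))
            if uid in expected:
                hits.append((rec["ts"], uid, client_by_conn.get(conn, "unknown"), rec.get("result")))
    return hits

# Constructed sample lines in the same format (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    '[2016-06-09 09:53:05.259] CONNECT conn=274712 from=192.0.2.10:59518 to=192.0.2.20:6362 protocol=LDAPS',
    '[2016-06-09 09:53:05.259] BIND conn=274712 op=0 msgID=1 version=3 type=SIMPLE dn="uid=administrator,ou=people,dc=example,dc=com" result=0 etime=147335',
    '[2016-06-09 09:54:11.002] CONNECT conn=274713 from=192.0.2.10:59530 to=192.0.2.20:6362 protocol=LDAPS',
    '[2016-06-09 09:54:11.004] BIND conn=274713 op=0 msgID=1 version=3 type=SIMPLE dn="uid=jdoe,ou=people,dc=example,dc=com" result=0 etime=90211',
    'not an access-log line',
]

if __name__ == "__main__":
    for hit in ldap_binds_for_local_users(SAMPLE_LOG, {"administrator", "opsadmin"}):
        print(hit)
```

Any name it reports is a local account whose logins are reaching the directory, so it is a candidate for replacement with a name that does not exist in LDAP.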

