OpenLDAP is enabled by default in E-MapReduce (EMR) V3.22.0 and later. It is integrated with Knox. You can use OpenLDAP to manage information about Knox users. In EMR V3.24.0 and later, the Has service uses OpenLDAP as its backend. You can use OpenLDAP to manage the principals of Has.

Create a cluster

OpenLDAP is a required service in the Software Settings step of cluster creation. For more information about how to create a cluster, see Create a cluster.


View node information

  1. Log on to the Alibaba Cloud E-MapReduce console.
  2. Click the Cluster Management tab.
  3. Find the target cluster and click Details in the Actions column.
    Note: You can click Details only when the cluster is in the Idle state.
  4. In the left-side navigation pane, click Cluster Service and then OpenLDAP.
  5. Click the Component Deployment tab.
    OpenLDAP is deployed on the master node. You can view the node information on the Component Deployment tab. For a high-availability cluster, OpenLDAP is deployed on two master nodes to ensure high availability.

Modify OpenLDAP information

  • Method 1: Modify OpenLDAP information in a cluster in the EMR console.

    On the User Management page for a cluster, set a Knox account to add or remove OpenLDAP information to or from the cluster. For more information, see Manage users.

    Note: If the cluster does not support user management, use Method 2 to modify OpenLDAP information.
  • Method 2: Run the ldap command to modify OpenLDAP information in a cluster.

    For example, add OpenLDAP information with uid set to arch and userPassword set to 12345678.

    1. In the EMR console, obtain the root distinguished name (DN) and password from the Service Configuration section for OpenLDAP.
    2. Edit the arch.ldif file.

      Add the following OpenLDAP information to the file:

      dn: uid=arch,ou=people,o=emr
      cn: arch
      sn: arch
      objectClass: inetOrgPerson
      userPassword: 12345678
      uid: arch
    3. Log on to the master node of the cluster and run the following command:
      ldapadd -H ldap://emr-header-1:10389 -f arch.ldif -D "uid=admin,o=emr" -w "${rootDnPW}"
      • ${rootDnPW} is the password of the root DN.
      • 10389 is the listening port of the OpenLDAP service.
    4. Run the following command to view the OpenLDAP information:
      ldapsearch -w "${rootDnPW}" -D "uid=admin,o=emr" -H ldap://emr-header-1:10389 -b "uid=arch,ou=people,o=emr"
      To delete the added OpenLDAP information, run the following command:
      ldapdelete -x -D "uid=admin,o=emr" -w "${rootDnPW}" -r "uid=arch,ou=people,o=emr" -H ldap://emr-header-1:10389
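
The arch.ldif in step 2 stores userPassword in cleartext. As an added example (not part of the original EMR documentation), the following Python script builds the same entry with a salted {SSHA} value instead and rejects uid strings that could inject extra LDIF lines. It assumes the directory accepts {SSHA} userPassword values for simple binds, as standard OpenLDAP does; the uid pattern and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os
import re

BASE_DN = "ou=people,o=emr"  # subtree used by the page's arch.ldif
# Assumed uid policy (hypothetical): lowercase POSIX-style names only.
UID_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def ssha(password, salt=None):
    """Return an RFC 2307-style value: {SSHA} + base64(SHA1(pw + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password, stored):
    """Check a password against a stored {SSHA} value, as the server would."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def build_ldif(uid, password):
    """Build the LDIF entry from step 2 with a hashed userPassword."""
    # fullmatch blocks newlines, commas and colons that would alter the DN
    # or smuggle additional attribute lines into the file.
    if not UID_RE.fullmatch(uid):
        raise ValueError("uid rejected: %r" % uid)
    return "\n".join([
        "dn: uid=%s,%s" % (uid, BASE_DN),
        "cn: " + uid,
        "sn: " + uid,
        "objectClass: inetOrgPerson",
        "userPassword: " + ssha(password),
        "uid: " + uid,
    ]) + "\n"


if __name__ == "__main__":
    # Constructed sample input: the uid and password from the page's example.
    print(build_ldif("arch", "12345678"), end="")
```

Write the output to arch.ldif and load it with the ldapadd command from step 3.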