In E-MapReduce (EMR) V3.22.0 and later, OpenLDAP is enabled by default. EMR allows you to integrate Knox with OpenLDAP and use OpenLDAP to manage information about Knox users.
Prerequisites
View node information
Modify OpenLDAP information
- Method 1: Modify OpenLDAP information in a cluster in the EMR console.
On the User Management page for a cluster, set a Knox account to add or remove OpenLDAP information to or from the cluster. For more information, see Manage user accounts.
- Method 2: Run the ldap command to modify OpenLDAP information in a cluster. For example, add OpenLDAP information with uid set to arch and userPassword set to 12345678.
  - In the EMR console, obtain the root distinguished name (DN) and password from the Service Configuration section on the Configure tab for OpenLDAP.
  - Log on to the master node of the cluster and edit the arch.ldif file.
        dn: uid=arch,ou=people,o=emr
        cn: arch
        sn: arch
        objectClass: inetOrgPerson
        userPassword: 12345678
        uid: arch
  - Run the following command to add the information in the file to OpenLDAP:
        ldapadd -H ldap://emr-header-1:10389 -f arch.ldif -D uid=admin,o=emr -w ${rootDnPW}
    - ${rootDnPW}: the password of the root DN
    - 10389: the listening port of the OpenLDAP service
  - Optional: Run the following command to view the OpenLDAP information:
        ldapsearch -w ${rootDnPW} -D "uid=admin,o=emr" -H ldap://emr-header-1:10389 -b uid=arch,ou=people,o=emr
    If you want to remove the added OpenLDAP information, run the following command:
        ldapdelete -x -D "uid=admin,o=emr" -w ${rootDnPW} -r uid=arch,ou=people,o=emr -H ldap://emr-header-1:10389