OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol (LDAP). OpenLDAP is used to manage users and authenticate identities in E-MapReduce (EMR) clusters.
Integrate a service with OpenLDAP
By default, Knox is integrated with OpenLDAP in an EMR cluster. When you access the web UIs of open source services that are deployed in an EMR cluster on the Access Links and Ports tab in the EMR console, OpenLDAP is used to authenticate your identity. Multiple open source services that are deployed in an EMR cluster can be integrated with OpenLDAP for identity authentication. You can perform simple operations to enable LDAP authentication for specific services in the EMR console. The procedure for integrating a service with OpenLDAP varies by service. For more information, see the related topic for each service:
Hive: Use LDAP authentication
Spark: Manage LDAP authentication
Impala: Manage LDAP authentication
Trino: Manage LDAP authentication
Presto: Manage LDAP authentication
If LDAP authentication cannot be enabled for a service with a few clicks, refer to the documentation that is provided by the corresponding open source service community to enable LDAP authentication. During the configuration process, you may need to use information about OpenLDAP in an EMR cluster.
| Information | Description |
| --- | --- |
| Address of the OpenLDAP service | Common cluster: ldap://master-1-1:10389. High-availability cluster: ldap://master-1-1:10389,ldap://master-1-2:10389 |
| Default BaseDN | Go to the Configure tab of the OpenLDAP service page in the EMR console and obtain the value of the user_base_dn parameter on the openldap tab. Default value: |
| adminDN | Go to the Configure tab of the OpenLDAP service page in the EMR console and obtain the value of the admin_dn parameter on the openldap tab. Default value: |
| admin password | Go to the Configure tab of the OpenLDAP service page in the EMR console and obtain the value of the admin_pwd parameter on the openldap tab. |
Manage LDAP users
We recommend that you add LDAP users on the Users tab in the EMR console. This way, you can add a user that has the same name as a RAM user to the OpenLDAP service. For more information, see Manage user accounts.
OpenLDAP is open source software. You can run commands provided by OpenLDAP, such as ldapadd, ldapdelete, and ldapmodify, to manage users. You can also use an LDIF file to manage users. For more information about how to use an LDIF file to manage users, see OpenLDAP, the documentation provided by the OpenLDAP community.
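The following sketch shows the LDIF route described above: it validates a user name, builds an add record, and notes the matching ldapadd call. It is an added example, not code from the EMR documentation or the OpenLDAP project. The function names are hypothetical, BASE_DN and ADMIN_DN are placeholders for the user_base_dn and admin_dn values in the console, and the inetOrgPerson attribute set is an assumption.

```shell
#!/usr/bin/env bash
# Added example: build an LDIF record for one user, to be loaded with ldapadd.
export LC_ALL=C                         # make the [a-z] ranges below byte-exact
LDAP_URI="ldap://master-1-1:10389"      # common-cluster address from the table
BASE_DN="ou=people,dc=example,dc=com"   # placeholder: use your user_base_dn value
ADMIN_DN="cn=admin,dc=example,dc=com"   # placeholder: use your admin_dn value

# Accept only conservative account names, so a uid can never carry DN
# metacharacters (, + = " \ < > ;) or a line break that adds LDIF lines.
valid_uid() {
  case "$1" in
    ""|*[!a-z0-9_-]*) return 1 ;;
    [a-z]*) [ "${#1}" -le 32 ] ;;
    *) return 1 ;;
  esac
}

# Print an LDIF add record. The inetOrgPerson attribute set is an assumption;
# match it to the entries that already exist under your base DN.
make_user_ldif() {
  uid=$1
  pw_hash=$2
  valid_uid "$uid" || { echo "invalid uid: $uid" >&2; return 1; }
  # userPassword must be a {SCHEME}hash value (for example slappasswd output),
  # never a cleartext password, and must not contain whitespace.
  case "$pw_hash" in
    *[[:space:]]*) echo "whitespace in password hash" >&2; return 1 ;;
    \{*\}?*) ;;
    *) echo "userPassword must look like {SCHEME}hash" >&2; return 1 ;;
  esac
  printf 'dn: uid=%s,%s\nchangetype: add\n' "$uid" "$BASE_DN"
  printf 'objectClass: inetOrgPerson\nuid: %s\ncn: %s\nsn: %s\n' "$uid" "$uid" "$uid"
  printf 'userPassword: %s\n' "$pw_hash"
}

# Constructed sample hash, for display only.
make_user_ldif alice '{SSHA}Y29uc3RydWN0ZWRzYW1wbGU='

# On a cluster node (not executed here):
#   make_user_ldif alice "$(slappasswd -h '{SSHA}')" > alice.ldif
#   ldapadd -x -H "$LDAP_URI" -D "$ADMIN_DN" -W -f alice.ldif
# -W prompts for the admin_pwd value, which keeps it out of the process list
# and shell history (unlike -w <password>).
```

A simple bind (-x) over an ldap:// address is not encrypted, so run the ldapadd step from a node inside the cluster network.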