Thanks! Previously I was not aware that there is an LDAP server action in Ambari – I am using 1.7…

Thanks for the confirmation!

Xiaoyong

From: larry mccay [mailto:[email protected]]
Sent: Saturday, March 28, 2015 9:03 PM
To: [email protected]
Subject: Fwd: Knox for HTTP basic auth?

Hi Xiaoyong -

It seems that you are on the right track. Ambari 1.7 does have a services option to start the Demo LDAP Server - if you are using a version earlier than that then you do have to do it manually.

Adding new users to the Demo LDAP Server is as simple as adding them to the users.ldif file and restarting the LDAP server.

You certainly can access services from outside the cluster using Knox - that is our claim to fame. :)

Be sure to check out the users guide http://knox.apache.org/books/knox-0-5-0/knox-0-5-0.html it has instructions for each of the services.

Keep us updated with your progress. Thank you for your interest in Knox!

--larry

---------- Forwarded message ----------
From: Xiaoyong Zhu <[email protected]>
Date: Sat, Mar 28, 2015 at 8:40 AM
Subject: RE: Knox for HTTP basic auth?
To: "[email protected]" <[email protected]>

OK, I guess I figured out the reason. I am using Ambari to manage my cluster, and I suppose:

1. Adding a user (for the embedded LDAP server) could be done by modifying the /conf/users.ldif file
2. Also, I am using Ambari to manage my cluster, but Ambari does not start the embedded LDAP server (so I need to manually log in to the node and type $KNOXFOLDER/bin/ldap.sh start in order to run the LDAP service to provide authentication).

Is this correct?

Xiaoyong

From: Xiaoyong Zhu [mailto:[email protected]]
Sent: Saturday, March 28, 2015 6:17 PM
To: [email protected]
Subject: RE: Knox for HTTP basic auth?

I figured out the user name and password pair (guest:guest-password) but accessing the REST APIs from outside the cluster will not work, i.e. if I

    curl -i -k -u guest:guest-password https://<cluster address>:8443/gateway/default/templeton/v1/status

then the server returns “unauthorized” as in the figure below. If I SSH into the cluster and type:

    curl -i -k -u guest:guest-password https://localhost:8443/gateway/default/templeton/v1/status

then the result is returned successfully.

So I still have 2 questions:

1. How could I add one user in LDAP with a customized username/password?
2. What could I do to enable accessing KNOX from outside of the cluster?

Thanks!

Xiaoyong

From: Xiaoyong Zhu [mailto:[email protected]]
Sent: Saturday, March 28, 2015 5:43 PM
To: [email protected]
Subject: Knox for HTTP basic auth?

Hi experts

I have deployed Knox successfully to my cluster, and I want to enable HTTP basic auth (i.e. username+password) to protect my REST APIs. As you can see in the attached figure, I am trying to reach the templeton/WebHCat endpoint via Knox. However, I don’t know what the default user name/password is, and how could I configure them?

I have read the Knox documentation and I guess I may need to configure an LDAP directory to enable this, right? If so, how could I add an LDAP user in the embedded LDAP server?

Thanks!

Xiaoyong
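
Added example, not part of the thread and not Knox project code: a small generator for the users.ldif entry discussed above, which validates the uid, refuses duplicates, and base64-encodes unsafe values so a crafted password cannot inject extra LDIF attributes. The base DN and object classes are assumptions modelled on the sample entries in Knox's demo users.ldif, and the function names are hypothetical.

```python
import base64
import re

# Assumption: suffix and object classes follow the sample entries in Knox's
# demo users.ldif; compare with the file on your gateway host before use.
PEOPLE_DN = "ou=people,dc=hadoop,dc=apache,dc=org"
OBJECT_CLASSES = ("top", "person", "organizationalPerson", "inetOrgPerson")

# Conservative uid policy: no characters that need escaping inside a DN.
UID_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")
# Values that may appear unencoded after "attr: " (subset of RFC 2849 SAFE-STRING).
SAFE_RE = re.compile(r"[\x21-\x39\x3b\x3d-\x7e][\x20-\x7e]*")


def ldif_attr(name, value):
    """Return one LDIF line; anything that is not a safe string is base64-encoded
    so a newline in a value cannot smuggle extra attributes into the entry."""
    if SAFE_RE.fullmatch(value) and not value.endswith(" "):
        return f"{name}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{name}:: {encoded}"


def existing_uids(ldif_text):
    """Collect uid values already present (plain 'uid: x' lines only)."""
    return {m.lower() for m in re.findall(r"(?im)^uid:[ \t]*(\S+)[ \t]*$", ldif_text)}


def user_entry(ldif_text, uid, common_name, surname, password):
    """Build the LDIF block to append to users.ldif for one new demo user."""
    if not UID_RE.fullmatch(uid):
        raise ValueError(f"uid {uid!r} rejected: use lowercase letters, digits, _ or -")
    if uid in existing_uids(ldif_text):
        raise ValueError(f"uid {uid!r} already exists in users.ldif")
    if not password:
        raise ValueError("empty password")
    lines = [f"dn: uid={uid},{PEOPLE_DN}"]
    lines += [f"objectclass: {oc}" for oc in OBJECT_CLASSES]
    lines += [ldif_attr("cn", common_name), ldif_attr("sn", surname), f"uid: {uid}"]
    # The demo directory keeps the password as a plain attribute value.
    lines.append(ldif_attr("userPassword", password))
    return "\n" + "\n".join(lines) + "\n"


# Constructed sample standing in for the current contents of users.ldif.
SAMPLE_LDIF = "dn: uid=guest,ou=people,dc=hadoop,dc=apache,dc=org\nuid: guest\nuserPassword: guest-password\n"

if __name__ == "__main__":
    print(user_entry(SAMPLE_LDIF, "alice", "Alice", "Example", "correct horse battery"))
```

Append the returned block to users.ldif and restart the demo LDAP server, as described in the reply above, for the new user to take effect.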
