cloudera-labs / cloudera.cluster

An Ansible collection for lifecycle and management of Cloudera CDP Private Cloud resources on bare metal, IaaS, and PaaS.
Apache License 2.0

Freeipa autodns mode - with user search filter #95

Closed clevesque closed 1 year ago

clevesque commented 1 year ago

When using the freeipa autodns mode, the Cloudera Manager External Auth field for "LDAP User Search Filter" is being set to an ActiveDirectory-type expression. It's being set to "(sAMAccountName={0})" but should be "(uid={0})".

In order to execute a seamless Base + PvC Control Plane + any DS install, this will need to be corrected, as the CP gets this info from CM, and the DS's need LDAP working for their MagicSSO.

The confusing bit is that it looks like the CM settings are coming from: https://github.com/cloudera-labs/cloudera.cluster/blob/main/roles/cloudera_manager/external_auth/templates/external_auth_configs.j2

and not at all from: https://github.com/cloudera-labs/cloudera.cluster/blob/devel-pvc-update/roles/infrastructure/krb5_common/defaults/main.yml

Manual workarounds can be done, but this is actually an important area for proper automation (long term).

clevesque commented 1 year ago

See pr/97.
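
A pre-deployment check for the mismatch reported in this issue, as an added example (not code from cloudera.cluster or from the issue's author): it parses a rendered "LDAP User Search Filter" value and flags a login attribute that belongs to a different directory type. The directory-type labels and function names are hypothetical; the two filter values are the ones quoted in the issue.

```python
import re

# Login attribute each directory type keeps the username in. The attribute
# names are the two quoted in the issue; the type labels are hypothetical.
EXPECTED_LOGIN_ATTR = {"freeipa": "uid", "active_directory": "sAMAccountName"}

# Matches a simple filter item such as (uid={0}) and captures the attribute.
_ITEM = re.compile(r"\(\s*([A-Za-z][A-Za-z0-9.;-]*)\s*(?:=|~=|>=|<=)")


def filter_attributes(search_filter):
    """Return the attribute names used in an LDAP search filter string."""
    return [m.group(1) for m in _ITEM.finditer(search_filter)]


def check_user_search_filter(directory_type, search_filter):
    """Return a list of problems; an empty list means the filter fits."""
    problems = []
    if search_filter.count("(") != search_filter.count(")"):
        problems.append("unbalanced parentheses")
    if "{0}" not in search_filter:
        problems.append("missing {0} username placeholder")
    expected = EXPECTED_LOGIN_ATTR[directory_type]
    # LDAP attribute names are case-insensitive, so compare in lower case.
    used = {a.lower() for a in filter_attributes(search_filter)}
    if expected.lower() not in used:
        problems.append(f"login attribute {expected!r} not used")
    for other_type, attr in EXPECTED_LOGIN_ATTR.items():
        if other_type != directory_type and attr.lower() in used:
            problems.append(f"{attr!r} belongs to {other_type}, not {directory_type}")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the reported value, the expected value, and a
    # compound filter that still searches on uid.
    for value in ("(sAMAccountName={0})", "(uid={0})",
                  "(&(objectClass=person)(uid={0}))"):
        print(value, "->", check_user_search_filter("freeipa", value) or "ok")
```

Run against the rendered external auth configuration before it is pushed to Cloudera Manager, a non-empty result would stop the deployment instead of leaving logins to fail later in the Control Plane or Data Services.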