How to integrate with LDAP?
Setup details
- We will be using a 2-VM setup: one with LDAP and one with HDP 2.3. In this example we will be using a single-node HDP 2.3 setup installed via Ambari.
- The official 2.3 sandbox is not being used as it already has Ranger installed.
- Install CentOS 6.5 on one VM and set up FreeIPA using these steps:
Create a new CentOS VM by following the steps from Lab 1. Once you are logged in, run:

    yum install -y git
    cd ~
    git clone https://github.com/abajwa-hw/security-workshops
    # configure/run script to install/start IPA server
    ~/security-workshops/scripts/run_setupFreeIPA.sh
    # (Optional) configure/run script to import groups/users and their Kerberos principals
    ~/security-workshops/scripts/run_FreeIPA_importusers.sh

- Set up HDP 2.3 and configure Kerberos using principals in the IPA server using instructions here
- To configure Ambari to sync with LDAP, see steps here
- To configure user views to work on a secured cluster, see steps here
- Set up Ranger and authorization policies and review audit reports from Ranger's Policy Manager on HDP 2.3 using steps here
- Enable Knox to work with a Kerberos-enabled cluster to enable perimeter security on HDP 2.3 using steps here
- Enable encryption at rest by setting up Ranger KMS, its Ranger plugin, and encryption zones using steps here
For resources on topics such as the following, refer to here:
- Troubleshooting
- Audit logs in HDFS
- Wire encryption
- Security related Ambari services