How can I mirror Active Directory groups through LDAP and automatically associate Arcadia users with those groups?


Let’s say I have 2 Active Directory groups that I’m fetching through LDAP authentication:

  • developers
  • view_only_users

I would like to persist these groups in Arcadia so that our user-group mapping happens automatically when they login. For example, my user account (“myuser”) is a member of the “developers” group, so when I login I should be automatically mapped to that group in Arcadia.

Step 1: Create local groups in Arcadia with the exact same names as your Active Directory groups (i.e. developers, view_only_users). The screenshot below shows just one example:

Step 2: Check and modify the AUTH_LDAP_MIRROR_GROUPS to be True setting in your LDAP configuration, which can be found in the Arcadia Visualization Server Safety Valve ( in Cloudera Manager or Arcviz Settings in Ambari:


Step 3: Restart the Arcadia Visualization Server and login with your user like normal.

Step 4: Check the Users and Groups page and you’ll notice that your user is associated with the desired AD groups (developers in this case since you aren’t in the view_only_users group):

NOTE: If your groups are still not matching or persisting in Arcadia after this, its possible your Group Search DN needs to be modified in your LDAP configuration.