How can I mirror Active Directory groups through LDAP and automatically associate Arcadia users with those groups?

Use-case:

Let’s say I have 2 Active Directory groups that I’m fetching through LDAP authentication:

  • developers
  • view_only_users

I would like to persist these groups in Arcadia so that user-group mapping happens automatically when users log in. For example, my user account (“myuser”) is a member of the “developers” group, so when I log in I should be automatically mapped to that group in Arcadia.

Step 1: Create local groups in Arcadia with the exact same names as your Active Directory groups (i.e. developers, view_only_users). The screenshot below shows just one example:

Step 2: Check the AUTH_LDAP_MIRROR_GROUPS setting in your LDAP configuration and set it to True. The configuration can be found in the Arcadia Visualization Server Safety Valve (settings_cm.py) in Cloudera Manager or in Arcviz Settings in Ambari:

AUTH_LDAP_MIRROR_GROUPS = True

Step 3: Restart the Arcadia Visualization Server and log in with your user as normal.

Step 4: Check the Users and Groups page and you’ll notice that your user is associated with the desired AD groups (developers in this case since you aren’t in the view_only_users group):

NOTE: If your groups are still not matching or persisting in Arcadia after this, it's possible your Group Search DN needs to be modified in your LDAP configuration.
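
When troubleshooting the case in the NOTE, the following added example (not Arcadia code) checks a user's memberOf values offline against the Group Search DN and the local group names from Step 1. The DNs, the search base and the assumption that the group's CN is its name are constructed for illustration.

```python
import re

def split_dn(dn):
    """Split a DN into trimmed, lower-cased RDNs, honouring escaped commas."""
    return [p.strip().lower() for p in re.split(r'(?<!\\),', dn) if p.strip()]

def is_under(dn, base_dn):
    """True if dn equals base_dn or lies in the subtree below it."""
    d, b = split_dn(dn), split_dn(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def group_cn(dn):
    """Value of the leading CN= RDN (assumed here to be the group name)."""
    first = re.split(r'(?<!\\),', dn)[0].strip()
    key, _, value = first.partition('=')
    return value.strip() if key.strip().lower() == 'cn' else None

def check_groups(member_of, group_search_dn, local_groups):
    """Classify each memberOf DN by why it would or would not line up."""
    lowered = {g.lower() for g in local_groups}
    report = {}
    for dn in member_of:
        name = group_cn(dn) or dn
        if not is_under(dn, group_search_dn):
            # A group search rooted at the base DN never returns this entry.
            report[name] = 'outside Group Search DN'
        elif name in local_groups:
            report[name] = 'mapped'
        elif name.lower() in lowered:
            # Step 1 asks for the exact same name; flag this for review.
            report[name] = 'case differs from local group'
        else:
            report[name] = 'no local group with this name'
    return report

# Constructed sample data (hypothetical directory layout).
MEMBER_OF = [
    'CN=developers,OU=Groups,DC=example,DC=com',
    'CN=Developers-EU,OU=Legacy,DC=example,DC=com',
    'CN=View_Only_Users,OU=Groups,DC=example,DC=com',
]
GROUP_SEARCH_DN = 'OU=Groups,DC=example,DC=com'
LOCAL_GROUPS = {'developers', 'view_only_users'}

if __name__ == '__main__':
    for group, status in check_groups(MEMBER_OF, GROUP_SEARCH_DN, LOCAL_GROUPS).items():
        print(f'{group}: {status}')
```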