How to enable LDAP authentication for Arcadia Engine - where is the option?

If you want to enable LDAP authentication at the arcengine level, there are a few settings you need to enable. Note that this is separate from UI login authentication for the Arcadia visualization server, for which you can refer to this online doc:

Using Cloudera Manager, you can use the out-of-the-box configuration by searching for LDAP:

One config that is missing is the ldap_bind_pattern. In order to set that, you can use the arcengine flag file settings as shown here:


1 Like

To connect using the Arcadia shell (similar to impala shell), you can find it in the parcel path here (or alias it as described here):

 /opt/cloudera/parcels/ARCADIAENTERPRISE/lib/arcengine/shell/arcadia-shell

or if using Ambari:

 /opt/arcadia/lib/arcengine/shell/arcadia-shell

Then you can specify any config files using the command line option:

--config_file=path_to_config_file

Arcadia supports the same options as impala-shell, with some default settings to work automatically with the proper ports. Refer to this for a full listing of options:
http://documentation.arcadiadata.com/4.4.0.0/#pages/topics/arc-shell.html

1 Like

If you’re using Ambari (HDP) with Arcadia installed, you will need to enable LDAP for Arcadia Analytics Engine like this:

The below settings are required:

enable_ldap_auth=true
ldap_uri=ldap://10.0.0.x
ldap_bind_pattern=user=#UID,CN=blah,OU=blah,DC=my,DC=company,DC=com

Notes on ldap_bind_pattern: If your LDAP settings include a search base, use the ldap_bind_pattern to translate the short user name from arcadia-shell automatically to the fully qualified name.

Other options if you don’t want to use the ldap_bind_pattern:

ldap_domain: Replaces the username with a string username@ldap_domain.
ldap_baseDN: Replaces the username with a "distinguished name" (DN) of the form: uid=userid,ldap_baseDN

NOTE: Use ONLY ONE of these 3 options, otherwise Arcadia Analytics Engine will not start.

If you’re wanting to connect to LDAP with SSL (LDAPS) you will also need to add these flags:

ldap_tls=true
ldap_ca_certificate="/path/to/certificate/pem"

Connecting to arcadia-shell when LDAP is enabled

arcadia-shell -l -u myldapusername

-l enables LDAP authentication.
-u sets the user

NOTE: arcadia-shell will prompt for password once the command is submitted.

Connecting to Arcadia Analytics Engine through JDBC when LDAP is enabled

jdbc:hive2://node1.mycompany.com:31050;AuthMech=3;UID=myldapusername;PWD=myldappassword;

AuthMech 3 means that we’re looking to set a Username and Password when authenticating, which is required for LDAP authentication.

1 Like
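
A pre-deployment check for the LDAP settings listed in the post above, as an added example that is not part of the original thread and is not Arcadia's own code. It assumes the settings are stored as key=value lines (optionally prefixed with --), that #UID is the placeholder replaced in ldap_bind_pattern as in the sample above, and the names parse_flags, check_ldap_flags and bind_name are hypothetical. It enforces the "only one of the three mapping options" rule, shows the bind name each option produces, and flags a configuration without TLS, where an LDAP simple bind sends the password unencrypted.

```python
import re
# Mutually exclusive user-name mapping flags named in the post above.
MAPPING_FLAGS = ("ldap_bind_pattern", "ldap_domain", "ldap_baseDN")

# Constructed sample: the post's settings plus a conflicting ldap_domain.
SAMPLE = """enable_ldap_auth=true
ldap_uri=ldap://10.0.0.x
ldap_bind_pattern=user=#UID,CN=blah,OU=blah,DC=my,DC=company,DC=com
ldap_domain=my.company.com
"""

def parse_flags(text):
    """Parse key=value lines (optional leading --, # comments) into a dict."""
    flags = {}
    for line in text.splitlines():
        key, sep, value = line.strip().lstrip("-").partition("=")
        if sep and not key.startswith("#"):
            flags[key.strip()] = value.strip().strip('"')
    return flags

def check_ldap_flags(flags):
    """Return a list of problems; empty means the settings are consistent."""
    if flags.get("enable_ldap_auth", "").lower() != "true":
        return ["enable_ldap_auth is not true: LDAP authentication is off"]
    problems = []
    uri = flags.get("ldap_uri", "")
    if not re.match(r"ldaps?://\S+$", uri):
        problems.append("ldap_uri is missing or is not an LDAP URI")
    used = [f for f in MAPPING_FLAGS if flags.get(f)]
    if len(used) > 1:
        problems.append("more than one mapping option set: " + ", ".join(used))
    if "#UID" not in flags.get("ldap_bind_pattern", "#UID"):
        problems.append("ldap_bind_pattern has no #UID placeholder")
    tls = flags.get("ldap_tls", "").lower() == "true"
    if tls and not flags.get("ldap_ca_certificate"):
        problems.append("ldap_tls=true but ldap_ca_certificate is not set")
    if not tls and not uri.startswith("ldaps://"):
        problems.append("no TLS: bind passwords cross the network in clear text")
    return problems

def bind_name(flags, user):
    """Name sent to LDAP for a short user name under whichever option is set."""
    if flags.get("ldap_bind_pattern"):
        return flags["ldap_bind_pattern"].replace("#UID", user)
    if flags.get("ldap_domain"):
        return f"{user}@{flags['ldap_domain']}"
    if flags.get("ldap_baseDN"):
        return f"uid={user},{flags['ldap_baseDN']}"
    return user
```

Running check_ldap_flags(parse_flags(SAMPLE)) reports the conflicting mapping options and the missing TLS setting, both worth catching before the engine is restarted.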