1.3. Synchronizing LDAP Users and Groups
Run the LDAP synchronize command and answer the prompts to initiate the sync:
ambari-server sync-ldap [option]
| Note |
|---|
| To perform this operation, your Ambari Server must be running. When prompted, you must provide credentials for an Ambari Admin. |
| When syncing LDAP, local user accounts with a matching username switch to the LDAP type, which means they authenticate against the external LDAP and not against the local Ambari user store. |
| LDAP sync only syncs up to 1000 users. If your LDAP contains over 1000 users and you plan to import over 1000 users, you must use the --users option when syncing and specify a filtered list of users to perform the import in batches. |
The utility provides three options for synchronization:
-  Specific set of users and groups, or 
-  Synchronize the existing users and groups in Ambari with LDAP, or 
-  All users and groups 
Review log files for failed synchronization attempts, at /var/log/ambari-server/ambari-server.log on the Ambari Server host. 
| Note |
|---|
| When synchronizing LDAP users and groups, Ambari uses LDAP results paging controls to synchronize large numbers of LDAP objects. Most modern LDAP servers support these controls, but for those that do not, such as Oracle Directory Server Enterprise Edition 11g, Ambari introduces a configuration parameter to disable pagination. The authentication.ldap.pagination.enabled property can be set to false in the /etc/ambari-server/conf/ambari-properties file to disable result paging controls. This limits the maximum number of entities that can be imported at any given time to the maximum result limit of the LDAP server. To work around this, import sets of users or groups using the --users and --groups options covered in section 3.1.4 - Specific Set of Users and Groups. |
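
The following pre-sync helper is an added example, not part of the Ambari documentation. It flags local Ambari accounts whose names match the LDAP import list (those accounts would switch to LDAP authentication) and splits the import list into batches of at most 1000 users for --users. Assumptions: both input files hold one username per line and were exported by the operator, names are compared case-insensitively as a conservative choice, the file passed to --users is a comma-separated list, and the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example (not Ambari's own tooling). Function and file names are hypothetical.
BATCH_SIZE=1000   # per-sync user limit stated in the note above

# Print LDAP usernames that also exist as local Ambari users.
# $1 = LDAP usernames file, $2 = local Ambari usernames file (one name per line).
# Case-insensitive comparison is an assumption chosen to over-report, not under-report.
find_collisions() {
  awk 'FILENAME == ARGV[1] { if (NF) seen[tolower($0)] = 1; next }
       NF && (tolower($0) in seen)' "$2" "$1"
}

# Split usernames into comma-separated batch files of at most $3 names each.
# $1 = usernames file, $2 = output directory, $3 = batch size.
# Prints the number of batch files written.
write_batches() {
  sort -u "$1" | awk -v size="$3" -v dir="$2" '
    NF {
      if (n % size == 0) {
        if (out) { printf "\n" > out; close(out) }
        out = sprintf("%s/users_batch_%03d.txt", dir, ++b)
      }
      printf "%s%s", (n % size ? "," : ""), $0 > out
      n++
    }
    END { if (out) printf "\n" > out; print b + 0 }'
}

# Print one sync command per batch file; the commands are shown, not executed.
print_sync_commands() {
  for f in "$1"/users_batch_*.txt; do
    if [ -e "$f" ]; then echo "ambari-server sync-ldap --users $f"; fi
  done
}

# Constructed sample data (not real accounts); batch size 2 only for the demo.
demo=$(mktemp -d)
printf '%s\n' alice bob carol dave erin > "$demo/ldap_users.txt"
printf '%s\n' admin Bob > "$demo/local_users.txt"
echo "Local accounts that would switch to LDAP authentication:"
find_collisions "$demo/ldap_users.txt" "$demo/local_users.txt"
write_batches "$demo/ldap_users.txt" "$demo" 2 > /dev/null
print_sync_commands "$demo"
```

For a real import, pass "$BATCH_SIZE" as the third argument to write_batches and review the collision list with the account owners before running the printed commands.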