Setting Up LDAP User Authentication
The following table details the properties and values you need to know to set up LDAP authentication.
| ![[Note]](../common/images/admon/note.png) | Note | 
|---|---|
|  If you are going to set  | 
Ambari Server LDAP Properties
| Property | Values | Description | 
|---|---|---|
| authentication.ldap.primaryUrl | server:port | The hostname and port for the LDAP or AD server. Example: my.ldap.server:389 | 
| authentication.ldap.secondaryUrl | server:port | The hostname and port for the secondary LDAP or AD server. Example: my.secondary.ldap.server:389 This is an optional value. | 
| authentication.ldap.useSSL | true or false | If true, use SSL when connecting to the LDAP or AD server. | 
| authentication.ldap.usernameAttribute | [LDAP attribute] | The attribute for username. Example: uid | 
| authentication.ldap.baseDn | [Distinguished Name] | The root Distinguished Name to search in the directory for users. Example: ou=people,dc=hadoop,dc=apache,dc=org | 
| authentication.ldap.referral | [Referral method] | Determines if LDAP referrals should be followed, or ignored. | 
| authentication.ldap.bindAnonymously | true or false | If true, bind to the LDAP or AD server anonymously | 
| authentication.ldap.managerDn | [Full Distinguished Name] | If Bind anonymous is set to false, the Distinguished Name (“DN”) for the manager. Example: uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org | 
| authentication.ldap.managerPassword | [password] | If Bind anonymous is set to false, the password for the manager | 
| authentication.ldap.userObjectClass | [LDAP Object Class] | The object class that is used for users. Example: organizationalPerson | 
| authentication.ldap.groupObjectClass | [LDAP Object Class] | The object class that is used for groups. Example: groupOfUniqueNames | 
| authentication.ldap.groupMembershipAttr | [LDAP attribute] | The attribute for group membership. Example: uniqueMember | 
| authentication.ldap.groupNamingAttr | [LDAP attribute] | The attribute for group name. | 

