Step 13 of BDA V4.2 AD Kerberos Install Fails with hdfs "already exists in Active Directory" but Removing it Does Not Help

(Doc ID 2060141.1)

Last updated on SEPTEMBER 25, 2015

Applies to:

Big Data Appliance Integrated Software - Version 4.2.0 to 4.2.0 [Release 4.2]
Linux x86-64

Symptoms

1. Installing BDA V4.2 with Mammoth for AD Kerberos fails at Step 13 with an error like:

Error [12123]: (//host.example.com//Stage[main]/Hadoop::Enablekerberos/Exec[enable_kerberos]/returns) change from notrun to 0 failed: /opt/oracle/BDAMammoth/bdaconfig/tmp/enablekerberos.sh &> /opt/oracle/BDAMammoth/bdaconfig/tmp/enablekerberos_1442580879.out returned 1 instead of one of [0]


2.  enablekerberos_1442580879.out shows:

'hdfs/example.com@EXAMPLE.COM already exists in Active Directory.
Please delete it before re-generating it


3. Deleting this principal and rerunning Step 13 raises exactly the same error.

4. Verifying the certificate with 'openssl x509 -in active_directory.cer -inform DER -text' shows that the certificate is valid.

5. Running the failing LDAP command, identified from enablekerberos_1442580879.out and called from /opt/oracle/BDAMammoth/bdaconfig/MammothSteps/SetupKerberos.pm:

ldapsearch -LLL -H ldaps://host.example.com:636 -b "DC=x,DC=xxx,DC=com,DC=xx" -x -D xxxadmin@EXAMPLE.COM -w "admin_pwd"


does not complete successfully. Instead it ends with:

Size limit exceeded (4)

 

Cause
