https://community.cloudera.com/t5/Support-Questions/Apache-Ranger-Admin-UI-Login-Question/m-p/402632#M251729 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/79092">@drewski7</a>&nbsp;Yes,&nbsp; UserSync is Required.&nbsp; Please see docs:<BR /><BR /><A href="https://docs.cloudera.com/cdp-private-cloud-base/7.3.1/security-ranger-user-management/topics/security-ranger-configure-adv-usersync-freeipa.html" target="_blank">https://docs.cloudera.com/cdp-private-cloud-base/7.3.1/security-ranger-user-management/topics/security-ranger-configure-adv-usersync-freeipa.html</A></P><P>&nbsp;</P><P>You can take the top arrow on the version to make sure its your correct version.</P> Thu, 20 Feb 2025 14:00:08 GMT steven-matison 2025-02-20T14:00:08Z https://community.cloudera.com/t5/Support-Questions/Apache-Ranger-Admin-UI-Login-Question/m-p/401925#M251353 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/20288">@Shelton</a>&nbsp;</P><P>My team and I have been running Apache Ranger Admin v2.4.0 in Docker. We recently started an effort to try and upgrade&nbsp;Apache Ranger Admin v2.5.0. In v2.4.0, we set up the install.properties file to correctly point to our LDAP server for logging in to the Ranger Admin UI and everything was working well. One thing to note, is that in v2.4.0 we didn't have usersync running, and we were still able to login.<BR /><BR />After upgrading to&nbsp;Apache Ranger Admin v2.5.0, we ran into an issue trying to login to the Ranger Admin UI. In the logs this is what it showed...</P><P>ranger-admin.log -</P><PRE>2025-02-12 20:14:42,853 [https-jsse-nio-6182-exec-8] INFO [SpringEventListener.java:76] Login Successful:drew.nicolette | Ip Address:xxxxxxxxx | sessionId=5F137022A5347056C441709DDC19A26F | Epoch=1739391282852<BR />2025-02-12 20:14:42,890 [https-jsse-nio-6182-exec-8] ERROR [SessionMgr.java:486] Error getting user for loginId=drew.xxxxxx</PRE><P>catalina.out -</P><PRE>java.lang.RuntimeException: Failed to create user drew.xxxxxxx in x_portal_user table. retrying<BR />at org.apache.ranger.biz.XUserMgr$ExternalUserCreator.createExternalUser(XUserMgr.java:3314)<BR />at org.apache.ranger.biz.XUserMgr$ExternalUserCreator.run(XUserMgr.java:3288)<BR />at org.apache.ranger.common.db.RangerTransactionSynchronizationAdapter.addRunnable(RangerTransactionSynchronizationAdapter.java:136)<BR />at org.apache.ranger.common.db.RangerTransactionSynchronizationAdapter.executeOnTransactionCommit(RangerTransactionSynchronizationAdapter.java:82)<BR />at org.apache.ranger.biz.XUserMgr.createServiceConfigUser(XUserMgr.java:2601)<BR />at org.apache.ranger.biz.XUserMgr$$FastClassBySpringCGLIB$$57c6d473.invoke(&lt;generated&gt;)<BR />at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)<BR />at org.springframework.aop.framework.CglibAopProxy.invokeMethod(CglibAopProxy.java:386)<BR />at org.springframework.aop.framework.CglibAopProxy.access$000(CglibAopProxy.java:85)<BR />at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:703)<BR />at org.apache.ranger.biz.XUserMgr$$EnhancerBySpringCGLIB$$c3461920.createServiceConfigUser(&lt;generated&gt;)<BR />at org.apache.ranger.security.web.authentication.RangerAuthSuccessHandler.onAuthenticationSuccess(RangerAuthSuccessHandler.java:96)<BR />at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.successfulAuthentication(AbstractAuthenticationProcessingFilter.java:329)<BR />at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:237)<BR />at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)<BR />at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103)<BR />at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)<BR />at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)<BR />at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)<BR />at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)<BR />at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)<BR />at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)<BR />at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112)<BR />at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)<BR />at org.springframework.security.web.session.ForceEagerSessionCreationFilter.doFilterInternal(ForceEagerSessionCreationFilter.java:45)<BR />at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)<BR />at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42)<BR />at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)<BR />at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221)<BR />at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186)<BR />at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)<BR />at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)<BR />at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:181)<BR />at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:156)<BR />at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)<BR />at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)<BR />at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:483)<BR />at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)<BR />at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)<BR />at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:679)<BR />at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)<BR />at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)<BR />at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:617)<BR />at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)<BR />at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:934)<BR />at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1698)<BR />at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)<BR />at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)<BR />at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)<BR />at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)<BR />at java.lang.Thread.run(Thread.java:750)<BR />Caused by: javax.persistence.TransactionRequiredException: No EntityManager with actual transaction available for current thread - cannot reliably process 'persist' call<BR />at org.springframework.orm.jpa.SharedEntityManagerCreator$SharedEntityManagerInvocationHandler.invoke(SharedEntityManagerCreator.java:300)<BR />at com.sun.proxy.$Proxy33.persist(Unknown Source)<BR />at org.apache.ranger.common.db.BaseDao.create(BaseDao.java:110)<BR />at org.apache.ranger.biz.UserMgr.createUser(UserMgr.java:161)<BR />at org.apache.ranger.biz.UserMgr$$FastClassBySpringCGLIB$$3bbcf0cf.invoke(&lt;generated&gt;)<BR />at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)<BR />at org.springframework.aop.framework.CglibAopProxy.invokeMethod(CglibAopProxy.java:386)<BR />at org.springframework.aop.framework.CglibAopProxy.access$000(CglibAopProxy.java:85)<BR />at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:703)<BR />at org.apache.ranger.biz.UserMgr$$EnhancerBySpringCGLIB$$a7bf07b4.createUser(&lt;generated&gt;)<BR />at org.apache.ranger.biz.XUserMgr$ExternalUserCreator.createExternalUser(XUserMgr.java:3309)<BR />... 57 more</PRE><P>&nbsp;However, once we added ranger usersync into the process. We were able to login successfully.</P><P>&nbsp;</P><P>Is&nbsp;Apache Ranger Admin v2.5.0 dependent on Usersync to run for login to the Admin UI or am I missing something obvious?</P><P>Thanks!</P> Wed, 12 Feb 2025 20:35:45 GMT https://community.cloudera.com/t5/Support-Questions/Apache-Ranger-Admin-UI-Login-Question/m-p/401925#M251353 drewski7 2025-02-12T20:35:45Z https://community.cloudera.com/t5/Support-Questions/Apache-Ranger-Admin-UI-Login-Question/m-p/402632#M251729 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/79092">@drewski7</a>&nbsp;Yes,&nbsp; UserSync is Required.&nbsp; Please see docs:<BR /><BR /><A href="https://docs.cloudera.com/cdp-private-cloud-base/7.3.1/security-ranger-user-management/topics/security-ranger-configure-adv-usersync-freeipa.html" target="_blank">https://docs.cloudera.com/cdp-private-cloud-base/7.3.1/security-ranger-user-management/topics/security-ranger-configure-adv-usersync-freeipa.html</A></P><P>&nbsp;</P><P>You can take the top arrow on the version to make sure its your correct version.</P> Thu, 20 Feb 2025 14:00:08 GMT https://community.cloudera.com/t5/Support-Questions/Apache-Ranger-Admin-UI-Login-Question/m-p/402632#M251729 steven-matison 2025-02-20T14:00:08Z https://community.cloudera.com/t5/Support-Questions/Apache-Ranger-Admin-UI-Login-Question/m-p/402633#M251730 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/95503">@steven-matison</a>&nbsp;- Sorry but where do you see that it is required?<BR /><BR />To me, setting the LDAP configurations for Ranger Admin would allow logging into the Ranger Admin UI via an LDAP source and Ranger Usersync was primarily for syncing Users/Groups to be used in policies.&nbsp;</P><P>So why would Ranger Usersync be needed to login to the Ranger Admin UI?&nbsp;</P> Thu, 20 Feb 2025 14:11:31 GMT https://community.cloudera.com/t5/Support-Questions/Apache-Ranger-Admin-UI-Login-Question/m-p/402633#M251730 drewski7 2025-02-20T14:11:31Z https://community.cloudera.com/t5/Support-Questions/Apache-Ranger-Admin-UI-Login-Question/m-p/402634#M251731 <P>I just know from many years of setting up ranger within ambari with usersync.&nbsp; I doubt current CDP docs will strictly call it out.&nbsp; &nbsp;</P> Thu, 20 Feb 2025 14:31:25 GMT https://community.cloudera.com/t5/Support-Questions/Apache-Ranger-Admin-UI-Login-Question/m-p/402634#M251731 steven-matison 2025-02-20T14:31:25Z