https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135118#M27501 <P>Yes able to see "atewari" use in Ranger UI. Thanks.</P> Tue, 10 May 2016 18:16:29 GMT amittewari_5 2016-05-10T18:16:29Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135111#M27494 <P>The steps for Ranger configuration (cn=Manager,dc=hortonworks,dc=com etc.) vs LDAP structure (cn=ldapusers,ou=Groups,dc=example,dc=com etc) are not in sync at <A href="https://community.hortonworks.com/articles/16696/ranger-ldap-integration.html">https://</A><A href="https://community.hortonworks.com/articles/16696/ranger-ldap-integration.html">community.hortonworks.com/articles/16696/ranger-ldap-integration.html</A></P><P>Since I don't have much experience on LDAP, is their any reliable step-by-step I can use to quickly get upto speed with Ranger/LDAP integration?</P> Fri, 06 May 2016 19:01:43 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135111#M27494 amittewari_5 2016-05-06T19:01:43Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135112#M27495 <P><A rel="user" href="https://community.cloudera.com/users/3441/amittewari5.html" nodeid="3441">@Amit Tewari</A> - <A href="http://crazyadmins.com/how-to-integrate-ranger-with-ldap/" target="_blank">http://crazyadmins.com/how-to-integrate-ranger-with-ldap/</A></P><P>If you have any issues, you can ask here. </P><P> <A rel="user" href="https://community.cloudera.com/users/2648/sshimpi.html" nodeid="2648">@Sagar Shimpi</A> and I Can help you.</P> Fri, 06 May 2016 19:06:07 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135112#M27495 KuldeepK 2016-05-06T19:06:07Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135113#M27496 <P><A rel="user" href="https://community.cloudera.com/users/3441/amittewari5.html" nodeid="3441">@Amit Tewari</A> If you want to have quick setup pls do also refer - <A href="https://community.hortonworks.com/articles/30653/openldap-setup.html" target="_blank">https://community.hortonworks.com/articles/30653/openldap-setup.html</A></P><P>Let us know if you have any problems with ranger ldap integration.</P> Fri, 06 May 2016 19:38:40 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135113#M27496 sshimpi 2016-05-06T19:38:40Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135114#M27497 <P>Thanks <A rel="user" href="https://community.cloudera.com/users/504/kkulkarni.html" nodeid="504">@Kuldeep Kulkarni</A> , <A rel="user" href="https://community.cloudera.com/users/2648/sshimpi.html" nodeid="2648">@Sagar Shimpi</A></P><P>LDAP users synched, <EM>however:</EM></P><OL><LI>LDAP user not able to login using Ranger UI (Invalid credentials error-"The username or password you entered is incorrect..")</LI><LI>LDAP users' group not synched/empty in Ranger UI</LI></OL> Mon, 09 May 2016 16:00:56 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135114#M27497 amittewari_5 2016-05-09T16:00:56Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135115#M27498 <P>1. Can you make sure the username and password are correct. Try login from cli just to make ensure.</P><P>2. Can you attached ranger usersync.log and xa-portal.log.</P> Mon, 09 May 2016 17:46:22 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135115#M27498 sshimpi 2016-05-09T17:46:22Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135116#M27499 <P><A rel="user" href="https://community.cloudera.com/users/2648/sshimpi.html" nodeid="2648">@Sagar Shimpi</A> </P><OL><LI>username/password are correct. How to login in Ranger from cli?</LI><LI>Usersync.log as below. Didnt find xa-portal.log</LI></OL><P>PS- So far have HDP sandbox setup (with openldap). Not using openldap for domain login.</P><P>[root@sandbox ~]# tail -f /usr/hdp/current/ranger-usersync/logs/usersync.log </P><P>09 May 2016 09:53:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder.updateSink() completed with user count: 2 09 May 2016 09:53:04 INFO UserGroupSync [UnixUserSyncThread] - End: update user/group from source==&gt;sink 09 May 2016 10:53:04 INFO UserGroupSync [UnixUserSyncThread] - Begin: update user/group from source==&gt;sink 09 May 2016 10:53:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder updateSink started 09 May 2016 10:53:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization started 09 May 2016 10:53:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization completed with -- ldapUrl: ldap://localhost:389, ldapBindDn: cn=Manager,dc=my-domain,dc=com, ldapBindPassword: ***** , ldapAuthenticationMechanism: simple, searchBase: dc=my-domain,dc=com, userSearchBase: ou=users,dc=my-domain,dc=com, userSearchScope: 2, userObjectClass: person, userSearchFilter: , extendedUserSearchFilter: (objectclass=person), userNameAttribute: uid, userSearchAttributes: [uid, ismemberof, memberof], userGroupNameAttributeSet: [ismemberof, memberof], pagedResultsEnabled: true, pagedResultsSize: 500, groupSearchEnabled: false, groupSearchBase: dc=my-domain,dc=com, groupSearchScope: 2, groupObjectClass: groupofnames, groupSearchFilter: *, extendedGroupSearchFilter: (&amp;(objectclass=groupofnames)(*)(member={0})), extendedAllGroupsSearchFilter: (&amp;(objectclass=groupofnames)(*)), groupMemberAttributeName: member, groupNameAttribute: cn, groupUserMapSyncEnabled: false, ldapReferral: ignore 09 May 2016 10:53:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - Updating user count: 1, userName: atewari, groupList: [] 09 May 2016 10:53:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - Updating user count: 2, userName: sbansal, groupList: [] 09 May 2016 10:53:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder.updateSink() completed with user count: 2 09 May 2016 10:53:04 INFO UserGroupSync [UnixUserSyncThread] - End: update user/group from source==&gt;sink</P> Tue, 10 May 2016 11:00:39 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135116#M27499 amittewari_5 2016-05-10T11:00:39Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135117#M27500 <A rel="user" href="https://community.cloudera.com/users/3441/amittewari5.html" nodeid="3441">@Amit Tewari</A><P>From the usersync log it seems that ranger is able to sync with your ldap, below are the logs -</P><P>"LdapUserGroupBuilder [UnixUserSyncThread] - Updating user count: 1, userName: atewari,"</P><P>"LDAPUserGroupBuilder.updateSink() completed with user count: 2"</P><P>Are you able to see "atewari" use in Ranger UI?</P><P>Enable debug in ranger - "vi /usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/log4j.xml"</P><P>replace info with debug in above file and restart ranger.</P><P>Check xa-portal.log and see if you are able to see any error.</P> Tue, 10 May 2016 15:02:47 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135117#M27500 sshimpi 2016-05-10T15:02:47Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135118#M27501 <P>Yes able to see "atewari" use in Ranger UI. Thanks.</P> Tue, 10 May 2016 18:16:29 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ranger-LDAP-integration/m-p/135118#M27501 amittewari_5 2016-05-10T18:16:29Z