Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Ranger AD/LDAP into unix groups

Labels:
avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎04-20-2016 02:30 AM

Does ranger creates unix groups during AD/LDAP sync? Curious if the unix groups are used (based on sync) for authorization or native AD/LDAP groups.

2,380 Views
1 ACCEPTED SOLUTION

avatar
author-rank mthiele1
New Member

Created ‎04-20-2016 01:41 PM

Does ranger creates unix groups during AD/LDAP sync?

No - the usersync just brings in the users and groups for you to see and to be able to create Ranger policy based on the known users and groups . It does not create them it just reads from your defined source be it unix , AD/LDAP .

Curious if the unix groups are used (based on sync) for authorization or native AD/LDAP groups.

You create policy and this will let you control access not authorization.

The underlying linux filesystem still needs to have SSSD or winBind/samba setup to show the same groups on the filesystem and the group names need to be the same . Ranger User sync will not create these groups in linux or hdfs.

View solution in original post

2,168 Views
2 REPLIES 2

avatar
author-rank pvillard author-rank
Guru

Created ‎04-20-2016 08:35 AM

Hi Sunile,

I believe unix groups are not created during AD/LDAP sync with Ranger, however I think that if a policy cannot be checked with AD/LDAP, it will then be checked against unix groups before failing.

2,168 Views
0 Kudos

avatar
author-rank mthiele1
New Member

Created ‎04-20-2016 01:41 PM

Does ranger creates unix groups during AD/LDAP sync?

No - the usersync just brings in the users and groups for you to see and to be able to create Ranger policy based on the known users and groups . It does not create them it just reads from your defined source be it unix , AD/LDAP .

Curious if the unix groups are used (based on sync) for authorization or native AD/LDAP groups.

You create policy and this will let you control access not authorization.

The underlying linux filesystem still needs to have SSSD or winBind/samba setup to show the same groups on the filesystem and the group names need to be the same . Ranger User sync will not create these groups in linux or hdfs.

2,169 Views
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements