
ranger usersync connect to ldap failed

Expert Contributor

Summary: Our LDAP ssl crt is signed-certification.

29 Feb 2016 09:08:06 ERROR PasswordValidator [Thread-43] - Response [FAILED: unable to validate due to error javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake] for user: null
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:283)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:325)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:177)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:154)
at java.io.BufferedReader.readLine(BufferedReader.java:317)
at java.io.BufferedReader.readLine(BufferedReader.java:382)
at com.xasecure.authentication.PasswordValidator.run(PasswordValidator.java:58)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
... 12 more
29 Feb 2016 09:09:06 ERROR PasswordValidator [Thread-44] - Response [FAILED: unable to validate due to error javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake] for user: null
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:283)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:325)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:177)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:154)
at java.io.BufferedReader.readLine(BufferedReader.java:317)
at java.io.BufferedReader.readLine(BufferedReader.java:382)
at com.xasecure.authentication.PasswordValidator.run(PasswordValidator.java:58)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
... 12 more
1 ACCEPTED SOLUTION

Master Mentor
@henryon wen

Ambari is doing a service check to ensure that the UserSync process is up and running and it can be safely ignored.

Expert Contributor

@Neeraj Sabharwal, thanks for your reply. I've run it on the Ambari UI and it works fine. But how can I add LDAP users/groups to Ranger? It seems I can't add them. If there is a docs link, could you share it with me? Thanks.

We want to use Ranger to harden Hadoop.

Notes: HDP 2.2 Ranger 0.4

Expert Contributor

@Neeraj Sabharwal ambari version 2.0.1

Master Mentor
@henryon wen

This can save you a lot of time: https://github.com/abajwa-hw/security-workshops

The above guide is very helpful to learn security setup.

You asked for official doc https://cwiki.apache.org/confluence/display/RANGER/Configure+Ranger+UserSync+for+LDAP

Master Mentor

@henryon wen Could you help me to close this thread by accepting the answer?

Expert Contributor

@Neeraj Sabharwal

thanks,

btw, I encountered another issue when syncing LDAP users/groups.

Can you help on this? Thanks.

The error messages:

02 Mar 2016 06:38:09  INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization completed with --  ldapUrl: ldaps://52.17.129.212:636,  ldapBindDn: cn=admin,dc=abc,dc=com,  ldapBindPassword: ***** ,  ldapAuthenticationMechanism: simple,  userSearchBase: ou=people,dc=abc,dc=com,  userSearchScope: 2,  userObjectClass: person,  userSearchFilter: -,  extendedSearchFilter: (&(objectclass=person)(-)),  userNameAttribute: uid,  userSearchAttributes: [uid, memberof]
02 Mar 2016 06:38:09 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 300000 milliseconds. Error details:
javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'ou=people,dc=abc,dc=com'
at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:330)
at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146)
at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:741)
at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:547)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at com.xasecure.ldapusersync.process.LdapUserGroupBuilder.updateSink(LdapUserGroupBuilder.java:195)
at com.xasecure.usergroupsync.UserGroupSync.run(UserGroupSync.java:59)
at java.lang.Thread.run(Thread.java:745)

Master Mentor

@henryon wen Please open this as a new question

Expert Contributor

@Neeraj Sabharwal I've fixed it myself by setting SYNC_LDAP_USER_SEARCH_FILTER to "uid=*".
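
The second error in the thread comes from the user search filter `-` being wrapped into `(&(objectclass=person)(-))`, whose second item has no `=`. The following is an added example, not part of the thread and not Ranger's code: it composes the filter the way the log line shows and checks it before UserSync is restarted. The function names and the composition rule inferred from the log are assumptions.

```python
import re

# Attribute description (RFC 4512): descriptor or numeric OID, optional ";option" suffixes.
ATTR = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)(?:;[A-Za-z0-9-]+)*")

def extended_filter(object_class, user_filter):
    # Assumption: composition inferred from the extendedSearchFilter value in the log.
    return "(&(objectclass=%s)(%s))" % (object_class, user_filter)

def check_item(item):
    """Check one simple item such as uid=* and return a list of problems."""
    attr, sep, _value = item.partition("=")
    if not sep:
        return ["missing '=' in (%s)" % item]
    if ":" in attr:  # extensible match (attr:rule:=value) is not checked further here
        return []
    # Drop the first character of a two-character operator (~=, <=, >=).
    attr = attr[:-1] if attr[-1:] in ("~", "<", ">") else attr
    if not ATTR.fullmatch(attr):
        return ["invalid attribute name %r in (%s)" % (attr, item)]
    return []

def check_filter(text):
    """Return the problems found in an LDAP search filter; an empty list means well formed."""
    problems = []

    def parse(pos):
        # Parse one parenthesised component starting at pos; return the index after it.
        if text[pos:pos + 1] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        if text[pos:pos + 1] in ("&", "|", "!"):
            pos += 1
            while text[pos:pos + 1] == "(":
                pos = parse(pos)
        else:
            end = text.find(")", pos)  # a literal ')' in a value must be escaped as \29
            if end < 0:
                raise ValueError("missing ')'")
            problems.extend(check_item(text[pos:end]))
            pos = end
        if text[pos:pos + 1] != ")":
            raise ValueError("expected ')' at offset %d" % pos)
        return pos + 1

    try:
        if parse(0) != len(text):
            problems.append("trailing characters after filter")
    except ValueError as exc:
        problems.append(str(exc))
    return problems
```

`check_filter(extended_filter("person", "-"))` reports the missing `=`, while the same call with `"uid=*"` returns an empty list.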