Created 04-27-2017 08:28 AM
Hello - I've Active Directory integrated with Ranger for authentication, somehow the users/usergroups are not showing up. The error is as shown below, usersync.log file attached.
Any ideas on this?
------------------------------------------------------------------------
26 Apr 2017 22:02:01 WARN FSInputChecker [main] - Problem opening checksum file: file:/usr/hdp/current/ranger-usersync/conf/ugsync.jceks. Ignoring exception:
java.io.FileNotFoundException: /usr/hdp/current/ranger-usersync/conf/.ugsync.jceks.crc (Permission denied)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at org.apache.hadoop.fs.RawLocalFileSystem$LocalFSFileInputStream.<init>(RawLocalFileSystem.java:111)
at org.apache.hadoop.fs.RawLocalFileSystem.open(RawLocalFileSystem.java:215)
at org.apache.hadoop.fs.ChecksumFileSystem$ChecksumFSInputChecker.<init>(ChecksumFileSystem.java:152)
at org.apache.hadoop.fs.ChecksumFileSystem.open(ChecksumFileSystem.java:348)
at org.apache.hadoop.fs.FileSystem.open(FileSystem.java:782)
at org.apache.hadoop.security.alias.JavaKeyStoreProvider.getInputStreamForFile(JavaKeyStoreProvider.java:70)
at org.apache.hadoop.security.alias.AbstractJavaKeyStoreProvider.<init>(AbstractJavaKeyStoreProvider.java:107)
at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:49)
at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:41)
at org.apache.hadoop.security.alias.JavaKeyStoreProvider$Factory.createProvider(JavaKeyStoreProvider.java:100)
at org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58)
at org.apache.ranger.credentialapi.CredentialReader.getDecryptedString(CredentialReader.java:59)
at org.apache.ranger.authentication.UnixAuthenticationService.init(UnixAuthenticationService.java:224)
at org.apache.ranger.authentication.UnixAuthenticationService.run(UnixAuthenticationService.java:118)
at org.apache.ranger.authentication.UnixAuthenticationService.main(UnixAuthenticationService.java:105)
26 Apr 2017 22:02:01 INFO UnixAuthenticationService [main] - Enabling Protocol: [SSLv2Hello]
26 Apr 2017 22:02:01 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1]
26 Apr 2017 22:02:01 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1.1]
26 Apr 2017 22:02:01 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1.2]
26 Apr 2017 22:02:38 INFO AbstractMapper [UnixUserSyncThread] - Initializing for ranger.usersync.mapping.username.regex
26 Apr 2017 22:02:38 INFO AbstractMapper [UnixUserSyncThread] - Initializing for ranger.usersync.mapping.groupname.regex
26 Apr 2017 22:02:38 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder created
26 Apr 2017 22:02:38 INFO UserGroupSync [UnixUserSyncThread] - initializing source: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
26 Apr 2017 22:02:38 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization started
26 Apr 2017 22:02:38 WARN FSInputChecker [UnixUserSyncThread] - Problem opening checksum file: file:/usr/hdp/current/ranger-usersync/conf/ugsync.jceks. Ignoring exception:
java.io.FileNotFoundException: /usr/hdp/current/ranger-usersync/conf/.ugsync.jceks.crc (Permission denied)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at org.apache.hadoop.fs.RawLocalFileSystem$LocalFSFileInputStream.<init>(RawLocalFileSystem.java:111)
at org.apache.hadoop.fs.RawLocalFileSystem.open(RawLocalFileSystem.java:215)
at org.apache.hadoop.fs.ChecksumFileSystem$ChecksumFSInputChecker.<init>(ChecksumFileSystem.java:152)
at org.apache.hadoop.fs.ChecksumFileSystem.open(ChecksumFileSystem.java:348)
at org.apache.hadoop.fs.FileSystem.open(FileSystem.java:782)
at org.apache.hadoop.security.alias.JavaKeyStoreProvider.getInputStreamForFile(JavaKeyStoreProvider.java:70)
at org.apache.hadoop.security.alias.AbstractJavaKeyStoreProvider.<init>(AbstractJavaKeyStoreProvider.java:107)
at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:49)
at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:41)
at org.apache.hadoop.security.alias.JavaKeyStoreProvider$Factory.createProvider(JavaKeyStoreProvider.java:100)
at org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58)
at org.apache.ranger.credentialapi.CredentialReader.getDecryptedString(CredentialReader.java:59)
at org.apache.ranger.unixusersync.config.UserGroupSyncConfig.getLdapBindPassword(UserGroupSyncConfig.java:541)
at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.setConfig(LdapUserGroupBuilder.java:174)
at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.init(LdapUserGroupBuilder.java:135)
at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:55)
at java.lang.Thread.run(Thread.java:745)
26 Apr 2017 22:02:38 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization completed with -- ldapUrl: ldaps://amp.gdcs-qa.apple.com:636, ldapBindDn: bdp-ldap-auth, ldapBindPassword: ***** , ldapAuthenticationMechanism: simple, searchBase: dc=amp,dc=gdcs-test,dc=apple,dc=com, userSearchBase: [dc=amp,dc=gdcs-qa,dc=apple,dc=com], userSearchScope: 2, userObjectClass: person, userSearchFilter: , extendedUserSearchFilter: (objectclass=person), userNameAttribute: sAMAccountName, userSearchAttributes: [sAMAccountName], userGroupNameAttributeSet: null, pagedResultsEnabled: true, pagedResultsSize: 500, groupSearchEnabled: true, groupSearchBase: [dc=amp,dc=gdcs-qa,dc=apple,dc=com], groupSearchScope: 2, groupObjectClass: groupOfNames, groupSearchFilter: ou=core,dc=amp,dc=gdcs-qa,dc=apple,dc=com, extendedGroupSearchFilter: (&(objectclass=groupOfNames)(ou=core,dc=amp,dc=gdcs-qa,dc=apple,dc=com)(|(member={0})(member={1}))), extendedAllGroupsSearchFilter: (&(objectclass=groupOfNames)(ou=core,dc=amp,dc=gdcs-qa,dc=apple,dc=com)), groupMemberAttributeName: member, groupNameAttribute: distinguishedName, groupSearchAttributes: [member, distinguishedName], groupUserMapSyncEnabled: true, groupSearchFirstEnabled: false, userSearchEnabled: false, ldapReferral: ignore
26 Apr 2017 22:02:38 INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group from source==>sink
26 Apr 2017 22:02:38 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder updateSink started
26 Apr 2017 22:02:38 INFO LdapUserGroupBuilder [UnixUserSyncThread] - Performing user search first
26 Apr 2017 22:02:38 ERROR CustomSSLSocketFactory [UnixUserSyncThread] - Unable to obtain keystore from file [/usr/hdp/current/ranger-usersync/conf/mytruststore.jks]
26 Apr 2017 22:02:38 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 3600000 milliseconds. Error details:
javax.naming.CommunicationException: amp.gdcs-qa.apple.com:636 [Root exception is java.lang.NullPointerException]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:216)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1614)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.createLdapContext(LdapUserGroupBuilder.java:147)
at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.getUsers(LdapUserGroupBuilder.java:377)
at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.updateSink(LdapUserGroupBuilder.java:302)
at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
at org.apache.ranger.ldapusersync.process.CustomSSLSocketFactory.createSocket(CustomSSLSocketFactory.java:138)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:328)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
... 17 more
Created 04-28-2017 03:35 AM
The exception is clearly saying:
26 Apr 2017 22:02:38 ERROR CustomSSLSocketFactory [UnixUserSyncThread] - Unable to obtain keystore from file [/usr/hdp/current/ranger-usersync/conf/mytruststore.jks]
You are using 'ldaps' and therefore you need to add the AD's SSL certificate to the above-mentioned trust store file using the command:
# keytool -import -trustcacerts -file <path_to_cert> -keystore /usr/hdp/current/ranger-usersync/conf/mytruststore.jks
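A check to go with the error line quoted above, added here as an example and not part of the original answer: it pulls the keystore path out of the `Unable to obtain keystore from file [...]` message and reports whether that file is missing, unreadable, empty or present. The function names and the constructed demo log are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage "Unable to obtain keystore from file [...]" in a
# Ranger usersync log. Function names are hypothetical, not Ranger tooling.

# Print each distinct keystore path named by that error in the given log.
keystore_paths_from_log() {
    sed -n 's/.*Unable to obtain keystore from file \[\([^]]*\)\].*/\1/p' "$1" | sort -u
}

# Classify a path as seen by the *current* user:
# missing | not-a-file | unreadable | empty | present
keystore_state() {
    if [ ! -e "$1" ]; then echo missing
    elif [ ! -f "$1" ]; then echo not-a-file
    elif [ ! -r "$1" ]; then echo unreadable
    elif [ ! -s "$1" ]; then echo empty
    else echo present
    fi
}

# One "path: state" line for every keystore the log complains about.
triage_usersync_log() {
    keystore_paths_from_log "$1" | while IFS= read -r path; do
        printf '%s: %s\n' "$path" "$(keystore_state "$path")"
    done
}

# Demo on a constructed log line (page's format, path redirected to a temp dir).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' "26 Apr 2017 22:02:38 ERROR CustomSSLSocketFactory [UnixUserSyncThread] - Unable to obtain keystore from file [$dir/mytruststore.jks]" > "$dir/usersync.log"
    triage_usersync_log "$dir/usersync.log"   # trust store absent
    : > "$dir/mytruststore.jks"
    triage_usersync_log "$dir/usersync.log"   # trust store exists but is zero bytes
    rm -rf "$dir"
}
demo
```

Because the readability test applies to whoever runs the script, run it as the account the usersync process runs under; the same log also shows a `Permission denied` on `.ugsync.jceks.crc`, so file ownership in that `conf` directory is worth checking at the same time.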