Support Questions

Find answers, ask questions, and share your expertise

Can multiple AD domains be configured with ranger?

New Contributor

considering domain.example1.com & domain.example2.com transitive two way trust exists between these domains.

- hadoop cluster is joined to domain.example2.com.

- users are from domain.example1.com and user groups are in domain.example2.com.

- can usersync and groupsync be done from different domains?

- Is cross domain ranger policy setup achievable?

1 ACCEPTED SOLUTION

Expert Contributor

@rasiq abdul,

Currently Ranger doesn't have ability to sync users/groups from multiple domains. Only multiple OUs from same domain are supported in ranger currently. In some customer environments, each domain can be migrated to a common LDAP/AD server under a OU (Organizational Unit) and ranger can be pointed to that common AD/LDAP server.

Thanks,

Sailaja.

View solution in original post

1 REPLY 1

Expert Contributor

@rasiq abdul,

Currently Ranger doesn't have ability to sync users/groups from multiple domains. Only multiple OUs from same domain are supported in ranger currently. In some customer environments, each domain can be migrated to a common LDAP/AD server under a OU (Organizational Unit) and ranger can be pointed to that common AD/LDAP server.

Thanks,

Sailaja.

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.