Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Can the Ranger LDAP bind password be encrypted? It is stored in plain text in Ambari.

Labels:
avatar
author-rank TerryP author-rank
Super Collaborator

Created ‎12-22-2015 03:58 PM

 
2,617 Views
1 ACCEPTED SOLUTION

avatar
author-rank amcbarnett
Guru

Created on ‎01-05-2016 12:48 AM - edited ‎08-19-2019 05:27 AM

@terry Before Ambari 2.1.2, in order to have Ranger admin UI do authenticated binds to find role information we use to set these two properties as custom properties. 

ranger.ldap.bind.dn
ranger.ldap.bind.password

Because of this the value of ranger.ldap.bind.password was always displayed in cleartext.

This was fix in Ambari 2.1.2 where the the ranger.ldap.bind.password is specified as a password field so the value is obscured. The relevant JIRA was AMBARI-12896

1192-screen-shot-2016-01-04-at-74711-pm.png

If you were referring to the the Ranger Usersync LDAP bind password that was only fixed in Ambari 2.2

Please double check which version of Ambari you are using.

View solution in original post

2,174 Views
6 REPLIES 6

avatar
author-rank sneethiraj
Contributor

Created ‎12-22-2015 04:09 PM

what version of Ambari is being used? This looks like a bug. All passwords should be encrypted in the xml config file(s).

2,174 Views
0 Kudos

avatar
author-rank TerryP author-rank
Super Collaborator

Created ‎12-22-2015 04:43 PM

Ambari 2.1.2.1. You can see the password in clear text on the Ranger LDAP setup page.

2,174 Views
0 Kudos

avatar
author-rank aervits
Master Mentor

Created ‎12-24-2015 02:14 PM

@Ancil McBarnett

2,174 Views
0 Kudos

avatar
author-rank amcbarnett
Guru

Created on ‎01-05-2016 12:48 AM - edited ‎08-19-2019 05:27 AM

@terry Before Ambari 2.1.2, in order to have Ranger admin UI do authenticated binds to find role information we use to set these two properties as custom properties. 

ranger.ldap.bind.dn
ranger.ldap.bind.password

Because of this the value of ranger.ldap.bind.password was always displayed in cleartext.

This was fix in Ambari 2.1.2 where the the ranger.ldap.bind.password is specified as a password field so the value is obscured. The relevant JIRA was AMBARI-12896

1192-screen-shot-2016-01-04-at-74711-pm.png

If you were referring to the the Ranger Usersync LDAP bind password that was only fixed in Ambari 2.2

Please double check which version of Ambari you are using.

2,175 Views

avatar
author-rank TerryP author-rank
Super Collaborator

Created ‎01-05-2016 03:39 PM

This was the Usersync LDAP bind password block @Ancil McBarnett and the Ambari version is 2.1.2.1. All the other passwords are hidden.

2,174 Views
0 Kudos

avatar
author-rank hosako
Guru

Created ‎01-13-2017 12:59 AM

Just one question.

AMBARI-12896 won't encrypt/obfscate password stored in ranger's xml file, will it?

2,174 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements