Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Can the Ranger LDAP bind password be encrypted? It is stored in plain text in Ambari.

Solved Go to solution
Highlighted

Can the Ranger LDAP bind password be encrypted? It is stored in plain text in Ambari.

Expert Contributor
 
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Can the Ranger LDAP bind password be encrypted? It is stored in plain text in Ambari.

@terry Before Ambari 2.1.2, in order to have Ranger admin UI do authenticated binds to find role information we use to set these two properties as custom properties.

ranger.ldap.bind.dn
ranger.ldap.bind.password

Because of this the value of ranger.ldap.bind.password was always displayed in cleartext.

This was fix in Ambari 2.1.2 where the the ranger.ldap.bind.password is specified as a password field so the value is obscured. The relevant JIRA was AMBARI-12896

1192-screen-shot-2016-01-04-at-74711-pm.png

If you were referring to the the Ranger Usersync LDAP bind password that was only fixed in Ambari 2.2

Please double check which version of Ambari you are using.

View solution in original post

6 REPLIES 6
Highlighted

Re: Can the Ranger LDAP bind password be encrypted? It is stored in plain text in Ambari.

Explorer

what version of Ambari is being used? This looks like a bug. All passwords should be encrypted in the xml config file(s).

Highlighted

Re: Can the Ranger LDAP bind password be encrypted? It is stored in plain text in Ambari.

Expert Contributor

Ambari 2.1.2.1. You can see the password in clear text on the Ranger LDAP setup page.

Highlighted

Re: Can the Ranger LDAP bind password be encrypted? It is stored in plain text in Ambari.

Mentor
Highlighted

Re: Can the Ranger LDAP bind password be encrypted? It is stored in plain text in Ambari.

@terry Before Ambari 2.1.2, in order to have Ranger admin UI do authenticated binds to find role information we use to set these two properties as custom properties.

ranger.ldap.bind.dn
ranger.ldap.bind.password

Because of this the value of ranger.ldap.bind.password was always displayed in cleartext.

This was fix in Ambari 2.1.2 where the the ranger.ldap.bind.password is specified as a password field so the value is obscured. The relevant JIRA was AMBARI-12896

1192-screen-shot-2016-01-04-at-74711-pm.png

If you were referring to the the Ranger Usersync LDAP bind password that was only fixed in Ambari 2.2

Please double check which version of Ambari you are using.

View solution in original post

Highlighted

Re: Can the Ranger LDAP bind password be encrypted? It is stored in plain text in Ambari.

Expert Contributor

This was the Usersync LDAP bind password block @Ancil McBarnett and the Ambari version is 2.1.2.1. All the other passwords are hidden.

Highlighted

Re: Can the Ranger LDAP bind password be encrypted? It is stored in plain text in Ambari.

Just one question.

AMBARI-12896 won't encrypt/obfscate password stored in ranger's xml file, will it?

Don't have an account?
Coming from Hortonworks? Activate your account here