Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Configured Ranger with AD/LDAP but not able to sync users and groups from AD.

avatar
author-rank somesh
Explorer

Created ‎05-04-2021 09:58 AM

Hi,
I have configured Ranger with AD for user and group sync but not able to see the users in the Ranger. Ldapsearch  is working fine and able to retrieve the users from group hdpadmin. Please find below snap for the user configuration.

Common ConfigCommon ConfigUser ConfigUser ConfigGroup ConfigGroup Config

 

 

1,733 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank somesh
Explorer

Created ‎05-04-2021 11:22 PM

Able to retrieved the groups and users from that group by changing the parameters as per below link. 

 

https://community.cloudera.com/t5/Support-Questions/LDAP-AD-users-not-appearing-in-Ranger/m-p/285175...

View solution in original post

1,699 Views
0 Kudos
3 REPLIES 3

avatar
author-rank Scharan author-rank
Master Collaborator

Created ‎05-04-2021 08:27 PM

@somesh Can you try syncing the users by disabling "Enable Group Search First"

 

1,716 Views
0 Kudos

avatar
author-rank somesh
Explorer

Created ‎05-04-2021 10:02 PM

@Scharan ,the users are not syncing by disabling "Enable Group Search First". Please find the below configuration.

 

ldapUrl: ldap://ad.xxx.xxx:389,
ldapBindDn: CN=user1,OU=bda,DC=HWX,DC=COM,
ldapBindPassword: ***** ,
ldapAuthenticationMechanism: simple,
searchBase: dc=hadoop,dc=apache,dc=org,
userSearchBase: [OU=bda,DC=HWX,DC=COM],
userSearchScope: 2,
userObjectClass: (|(objectClass=person)(objectClass=user)(objectClass=top)),
userSearchFilter: (|(objectClass=person)(objectClass=user)),
extendedUserSearchFilter: (&(objectclass=(|(objectClass=person)(objectClass=user)(objectClass=top)))(|(objectClass=person)(objectClass=user))),
userNameAttribute: sAMAccountName,
userSearchAttributes: [sAMAccountName, memberof, ismemberof],
userGroupNameAttributeSet: [memberof, ismemberof],
pagedResultsEnabled: true,
pagedResultsSize: 500,
groupSearchEnabled: false,
groupSearchBase: [CN=hdpadmin,OU=bda,DC=HWX,DC=COM],
groupSearchScope: 2,
groupObjectClass: hdpadmin,
groupSearchFilter: (|(objectClass=person)(objectClass=user)),
extendedGroupSearchFilter: (&(objectclass=hdpadmin)(|(objectClass=person)(objectClass=user))(|(member={0})(member={1}))),
extendedAllGroupsSearchFilter: (&(objectclass=hdpadmin)(|(objectClass=person)(objectClass=user))),
groupMemberAttributeName: member,
groupNameAttribute: hdpadmin, groupSearchAttributes: [hdpadmin, member],
groupUserMapSyncEnabled: false, groupSearchFirstEnabled: false, userSearchEnabled: true,
ldapReferral: follow

1,709 Views
0 Kudos

avatar
author-rank somesh
Explorer

Created ‎05-04-2021 11:22 PM

Able to retrieved the groups and users from that group by changing the parameters as per below link. 

 

https://community.cloudera.com/t5/Support-Questions/LDAP-AD-users-not-appearing-in-Ranger/m-p/285175...

1,700 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements