
Configured Ranger with AD/LDAP but not able to sync users and groups from AD.

Explorer

Hi,
I have configured Ranger with AD for user and group sync but am not able to see the users in Ranger. ldapsearch is working fine and is able to retrieve the users from the group hdpadmin. Please find below a snapshot of the user configuration.

[Screenshots: Common Config, User Config, Group Config]

1 ACCEPTED SOLUTION


Re: Configured Ranger with AD/LDAP but not able to sync users and groups from AD.

Explorer

Able to retrieve the groups and users from that group by changing the parameters as per the link below.

https://community.cloudera.com/t5/Support-Questions/LDAP-AD-users-not-appearing-in-Ranger/m-p/285175...


3 REPLIES

Re: Configured Ranger with AD/LDAP but not able to sync users and groups from AD.

Expert Contributor

@somesh Can you try syncing the users by disabling "Enable Group Search First"?

Re: Configured Ranger with AD/LDAP but not able to sync users and groups from AD.

Explorer

@Scharan, the users are not syncing by disabling "Enable Group Search First". Please find the configuration below.

ldapUrl: ldap://ad.xxx.xxx:389,
ldapBindDn: CN=user1,OU=bda,DC=HWX,DC=COM,
ldapBindPassword: ***** ,
ldapAuthenticationMechanism: simple,
searchBase: dc=hadoop,dc=apache,dc=org,
userSearchBase: [OU=bda,DC=HWX,DC=COM],
userSearchScope: 2,
userObjectClass: (|(objectClass=person)(objectClass=user)(objectClass=top)),
userSearchFilter: (|(objectClass=person)(objectClass=user)),
extendedUserSearchFilter: (&(objectclass=(|(objectClass=person)(objectClass=user)(objectClass=top)))(|(objectClass=person)(objectClass=user))),
userNameAttribute: sAMAccountName,
userSearchAttributes: [sAMAccountName, memberof, ismemberof],
userGroupNameAttributeSet: [memberof, ismemberof],
pagedResultsEnabled: true,
pagedResultsSize: 500,
groupSearchEnabled: false,
groupSearchBase: [CN=hdpadmin,OU=bda,DC=HWX,DC=COM],
groupSearchScope: 2,
groupObjectClass: hdpadmin,
groupSearchFilter: (|(objectClass=person)(objectClass=user)),
extendedGroupSearchFilter: (&(objectclass=hdpadmin)(|(objectClass=person)(objectClass=user))(|(member={0})(member={1}))),
extendedAllGroupsSearchFilter: (&(objectclass=hdpadmin)(|(objectClass=person)(objectClass=user))),
groupMemberAttributeName: member,
groupNameAttribute: hdpadmin,
groupSearchAttributes: [hdpadmin, member],
groupUserMapSyncEnabled: false,
groupSearchFirstEnabled: false,
userSearchEnabled: true,
ldapReferral: follow
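
A structural check for usersync settings like those posted above, as an added example that is not part of the original thread and is not Ranger's own code: it flags object class and attribute settings that contain filter syntax or repeat an entry name from groupSearchBase, and filter settings that are not well-formed LDAP filters. The sample input is constructed from the posted values; the function names and the entry-name heuristic are assumptions.

```python
import re

# Constructed sample: a subset of the usersync settings from the post above.
SAMPLE = """\
userObjectClass: (|(objectClass=person)(objectClass=user)(objectClass=top)),
userSearchFilter: (|(objectClass=person)(objectClass=user)),
extendedUserSearchFilter: (&(objectclass=(|(objectClass=person)(objectClass=user)(objectClass=top)))(|(objectClass=person)(objectClass=user))),
groupSearchBase: [CN=hdpadmin,OU=bda,DC=HWX,DC=COM],
groupObjectClass: hdpadmin,
groupNameAttribute: hdpadmin,
"""
NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*$")   # bare attribute / object class name
ITEM = re.compile(r"[^()=]+=[^()]*")           # attr=value with no raw parentheses

def parse_filter(s, i=0):
    """Return the index just past the filter starting at s[i], or -1 if malformed."""
    if s[i:i + 1] != "(":
        return -1
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):           # composite: a run of nested sub-filters
        i += 1
        while s[i:i + 1] == "(":
            i = parse_filter(s, i)
            if i < 0:
                return -1
    else:                                        # simple item such as (objectClass=user)
        m = ITEM.match(s, i)
        if not m:
            return -1
        i = m.end()
    return i + 1 if s[i:i + 1] == ")" else -1

def lint(text):
    """Return (key, problem) pairs for settings that cannot serve as schema names or filters."""
    cfg = {k.strip(): v.strip(" ,")
           for k, sep, v in (ln.partition(":") for ln in text.splitlines()) if sep}
    # Heuristic (assumption): a schema name equal to an RDN value of the search base is an entry name.
    rdn_values = set(re.findall(r"=([^,\]]+)", cfg.get("groupSearchBase", "")))
    findings = []
    for key, value in cfg.items():
        if key.endswith(("ObjectClass", "Attribute")):
            if not NAME.match(value):
                findings.append((key, "expected a schema name, found filter syntax"))
            elif value in rdn_values:
                findings.append((key, "matches an entry name in groupSearchBase"))
        elif key.endswith("Filter") and parse_filter(value) != len(value):
            findings.append((key, "not a well-formed LDAP filter"))
    return findings
```

Calling `lint(SAMPLE)` returns one finding each for userObjectClass, extendedUserSearchFilter, groupObjectClass and groupNameAttribute, and none for userSearchFilter.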
