Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Exception while synching groups with AD

Solved Go to solution
Highlighted

Exception while synching groups with AD

Contributor

Ranger usersych is throwing an exception while connecting to AD: below is the exception, any ideas? I have verified that I can bind successfully with AD.

03 Nov 2015 17:39:40  INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group from source==>sink 
03 Nov 2015 17:39:40  INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder updateSink started 
03 Nov 2015 17:39:40  INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization started 
03 Nov 2015 17:39:40 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 30000 milliseconds. Error details:
javax.naming.ServiceUnavailableException: xx.xxx.xx..xx:636; socket closed
at com.sun.jndi.ldap.Connection.readReply(Connection.java:449)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:365)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.createLdapContext(LdapUserGroupBuilder.java:149)
at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.updateSink(LdapUserGroupBuilder.java:262)
at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
at java.lang.Thread.run(Thread.java:745)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Exception while synching groups with AD

@hfaouaz@hortonworks.com

javax.naming.ServiceUnavailableException: xx.xxx.xx..xx:636; socket closed

Is LDAPS in place? If yes then make sure you are using ldaps in url

4 REPLIES 4

Re: Exception while synching groups with AD

Expert Contributor

Are you using ldap://<ip/hostname>:636 or ldaps://<ip/hostname>:636 in the usersync configuration?

Re: Exception while synching groups with AD

@hfaouaz@hortonworks.com

javax.naming.ServiceUnavailableException: xx.xxx.xx..xx:636; socket closed

Is LDAPS in place? If yes then make sure you are using ldaps in url

Re: Exception while synching groups with AD

Contributor

@Neeraj Yes, I figure that much out and now its complaining about not finding the cert which I have imported into a truststore and pointing to it.

Re: Exception while synching groups with AD

@hfaouaz@hortonworks.com Errors or log entries ..please

I am sure you did see this link