Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Exception while synching groups with AD

avatar
Rising Star

Ranger usersych is throwing an exception while connecting to AD: below is the exception, any ideas? I have verified that I can bind successfully with AD.

03 Nov 2015 17:39:40  INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group from source==>sink 
03 Nov 2015 17:39:40  INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder updateSink started 
03 Nov 2015 17:39:40  INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization started 
03 Nov 2015 17:39:40 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 30000 milliseconds. Error details:
javax.naming.ServiceUnavailableException: xx.xxx.xx..xx:636; socket closed
at com.sun.jndi.ldap.Connection.readReply(Connection.java:449)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:365)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.createLdapContext(LdapUserGroupBuilder.java:149)
at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.updateSink(LdapUserGroupBuilder.java:262)
at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
at java.lang.Thread.run(Thread.java:745)
1 ACCEPTED SOLUTION

avatar
Master Mentor

@hfaouaz@hortonworks.com

javax.naming.ServiceUnavailableException: xx.xxx.xx..xx:636; socket closed

Is LDAPS in place? If yes then make sure you are using ldaps in url

View solution in original post

4 REPLIES 4

avatar
Expert Contributor

Are you using ldap://<ip/hostname>:636 or ldaps://<ip/hostname>:636 in the usersync configuration?

avatar
Master Mentor

@hfaouaz@hortonworks.com

javax.naming.ServiceUnavailableException: xx.xxx.xx..xx:636; socket closed

Is LDAPS in place? If yes then make sure you are using ldaps in url

avatar
Rising Star

@Neeraj Yes, I figure that much out and now its complaining about not finding the cert which I have imported into a truststore and pointing to it.

avatar
Master Mentor

@hfaouaz@hortonworks.com Errors or log entries ..please

I am sure you did see this link