Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Exception while synching groups with AD

Labels:
avatar
author-rank hfaouaz
Rising Star

Created ‎11-03-2015 10:41 PM

Ranger usersych is throwing an exception while connecting to AD: below is the exception, any ideas? I have verified that I can bind successfully with AD.

03 Nov 2015 17:39:40  INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group from source==>sink 
03 Nov 2015 17:39:40  INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder updateSink started 
03 Nov 2015 17:39:40  INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization started 
03 Nov 2015 17:39:40 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 30000 milliseconds. Error details:
javax.naming.ServiceUnavailableException: xx.xxx.xx..xx:636; socket closed
at com.sun.jndi.ldap.Connection.readReply(Connection.java:449)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:365)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.createLdapContext(LdapUserGroupBuilder.java:149)
at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.updateSink(LdapUserGroupBuilder.java:262)
at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
at java.lang.Thread.run(Thread.java:745)
3,134 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank nsabharwal
Master Mentor

Created ‎11-03-2015 10:46 PM

@hfaouaz@hortonworks.com

javax.naming.ServiceUnavailableException: xx.xxx.xx..xx:636; socket closed

Is LDAPS in place? If yes then make sure you are using ldaps in url

View solution in original post

2,435 Views
0 Kudos
0
4 REPLIES 4

avatar
author-rank spolavarapu author-rank
Expert Contributor

Created ‎11-03-2015 10:46 PM

Are you using ldap://<ip/hostname>:636 or ldaps://<ip/hostname>:636 in the usersync configuration?

2,435 Views

avatar
author-rank nsabharwal
Master Mentor

Created ‎11-03-2015 10:46 PM

@hfaouaz@hortonworks.com

javax.naming.ServiceUnavailableException: xx.xxx.xx..xx:636; socket closed

Is LDAPS in place? If yes then make sure you are using ldaps in url

2,436 Views
0 Kudos
0

avatar
author-rank hfaouaz
Rising Star

Created ‎11-03-2015 11:44 PM

@Neeraj Yes, I figure that much out and now its complaining about not finding the cert which I have imported into a truststore and pointing to it.

2,435 Views
0 Kudos

avatar
author-rank nsabharwal
Master Mentor

Created ‎11-04-2015 01:04 AM

@hfaouaz@hortonworks.com Errors or log entries ..please

I am sure you did see this link

2,435 Views
0 Kudos
Announcements
Community Announcements
April 2025 Cloudera Customer Advisory: Cloudera’s response t...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
View More Announcements