External users in Apache Ranger

farrukhmuneer · ‎11-21-2017

Hi,

I have successfully link my ranger with AD. Can someone please let me know how can I add Aactive Directory users in my ranger? If I click add new user in the ranger it asks me user detail with password. But if it is AD user then it should not ask password. I could not find out easy way to create or load active director users in ranger. Once I do, then I want to add that users in the group which I created in the Active directory. Afterwards., I want to apply a policy on that group. Please let me know the step by step process in order to achieve above mentioned goals?

ahadjidj · ‎11-25-2017

Hi @Farrukh Munir

You should configure Ranger User Sync : https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/ranger_user_sync_ldap_a...

farrukhmuneer · ‎11-25-2017

Hi,

I have done it. I am under ou=users in active directory but Ranger has connected under ou=Hadoop. IT has created a user and add in me in that group and assigned ou=Hadoop to that group. But still I cannot see myself even after syncing.

If they create a user directly under ou=Hadoop then as soon as Ranger syncs, I can see in Ranger admin.

Please let me know, how can i resolve this?

Best Regards

pchaudhari · ‎03-16-2018

Check Ranger User sync config. You'd be able to configure the user (as well as group) search base and accordingly Ranger User sync will be able to pull from ou=users.

spolavarapu · ‎03-21-2018

@Farrukh Munir

Ranger Usersync supports configuring multiple OUs. Please refer to this JIRA for more info https://issues.apache.org/jira/browse/RANGER-803

For more details on various options supported by Ranger Usersync with AD/LDAP as sync source, please refer to

https://community.hortonworks.com/content/kbentry/105623/various-options-supported-in-ranger-usersyn...

Thanks,

Sailaja