Help regarding - Configure Hadoop Group Mapping in core-site.xml

sriramhadoop27 · ‎09-06-2018

Hi All,

I did integrate Ranger with AD ( no SSSD ) in our case but policies are not applied to members of group.

I am trying to configure hadoop group mapping in core-site.xml for AD.

Trying to follow the below link:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/setting_up_hadoop_group...

Can someone provide sample values for various properties mentioned in the above link.

This will help me.

Many thanks for your time and support.

sriramhadoop27 · ‎09-06-2018

We are using AD and tried to configure core-site.xml with the properties mentioned in the link but no luck 😞

spolavarapu · ‎09-10-2018

@Sriram

Not sure if you are still looking for help here. If you configured ranger with AD/LDAP sync, then most of the properties in core-site.xml should be very similar. Following are the properties I generally add with sample values to the custom core-site.xml section in HDFS configuration in Ambari:

hadoop.security.group.mapping=org.apache.hadoop.security.LdapGroupsMapping

hadoop.security.group.mapping.ldap.base=dc=hortonworks,dc=com

hadoop.security.group.mapping.ldap.bind.password=<password>

hadoop.security.group.mapping.ldap.bind.user=cn=administrator,CN=Users,dc=hortonworks,dc=com

hadoop.security.group.mapping.ldap.search.attr.group.name=cn

hadoop.security.group.mapping.ldap.search.attr.member=member

hadoop.security.group.mapping.ldap.search.filter.group

=(objectclass=group)

hadoop.security.group.mapping.ldap.search.filter.user=(&(|(objectclass=person)(objectclass=applicationProcess))(cn={0}))

hadoop.security.group.mapping.ldap.url=ldap://10.10.10.10:389