Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Help regarding - Configure Hadoop Group Mapping in core-site.xml

Help regarding - Configure Hadoop Group Mapping in core-site.xml

Contributor

Hi All,

I did integrate Ranger with AD ( no SSSD ) in our case but policies are not applied to members of group.

I am trying to configure hadoop group mapping in core-site.xml for AD.

Trying to follow the below link:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/setting_up_hadoop_group...

Can someone provide sample values for various properties mentioned in the above link.

This will help me.

Many thanks for your time and support.

2 REPLIES 2
Highlighted

Re: Help regarding - Configure Hadoop Group Mapping in core-site.xml

Contributor

We are using AD and tried to configure core-site.xml with the properties mentioned in the link but no luck :(

Highlighted

Re: Help regarding - Configure Hadoop Group Mapping in core-site.xml

Expert Contributor

@Sriram

Not sure if you are still looking for help here. If you configured ranger with AD/LDAP sync, then most of the properties in core-site.xml should be very similar. Following are the properties I generally add with sample values to the custom core-site.xml section in HDFS configuration in Ambari:

hadoop.security.group.mapping=org.apache.hadoop.security.LdapGroupsMapping

hadoop.security.group.mapping.ldap.base=dc=hortonworks,dc=com

hadoop.security.group.mapping.ldap.bind.password=<password>

hadoop.security.group.mapping.ldap.bind.user=cn=administrator,CN=Users,dc=hortonworks,dc=com

hadoop.security.group.mapping.ldap.search.attr.group.name=cn

hadoop.security.group.mapping.ldap.search.attr.member=member

hadoop.security.group.mapping.ldap.search.filter.group

=(objectclass=group)

hadoop.security.group.mapping.ldap.search.filter.user=(&(|(objectclass=person)(objectclass=applicationProcess))(cn={0}))

hadoop.security.group.mapping.ldap.url=ldap://10.10.10.10:389

Don't have an account?
Coming from Hortonworks? Activate your account here