
Issue in Ranger while Sync with ldap users.

New Contributor

I am trying to sync Ranger with LDAP users. I followed this link: https://community.hortonworks.com/articles/16696/ranger-ldap-integration.html. I followed all the steps given in the link, but even so I can't view LDAP users in Ranger. I have attached the LDAP configuration from Ambari (pictures below).

10850-ambari-sandbox-6.jpg

10851-ambari-sandbox-7.jpg

10852-ambari-sandbox-8.jpg

10853-ambari-sandbox-9.jpg

10854-ambari-sandbox-10.jpg

Re: Issue in Ranger while Sync with ldap users.

Expert Contributor

The "Bind User" DN does not look right. It's set to "dc=hadoop,dc=apache,dc=org", whereas your "User Search Base" and "Group Search Base" are set to "dc=hortonworks,dc=com". Please cross-verify that. This will need to be set up as "cn=Manager,dc=hortonworks,dc=com" according to the link provided.

Also check first whether LDAP is running fine. Run the commands below to see if LDAP is up and running:

lsof -i:389

netstat -anp | grep 389

Re: Issue in Ranger while Sync with ldap users.

New Contributor

I changed "User Search Base" and "Group Search Base" to "dc=hadoop,dc=apache,dc=org" and restarted Ranger, but I still can't view LDAP users in Ranger. If I run the command "netstat -anp | grep 389", it shows me the output in the picture below.

10858-screenshot-from-2016-12-28-123320.png

Re: Issue in Ranger while Sync with ldap users.

Expert Contributor

Do not change the "User Search Base" and "Group Search Base" to "dc=hadoop,dc=apache,dc=org". My suggestion was to update the "Bind User" DN to "cn=Manager,dc=hortonworks,dc=com".

Re: Issue in Ranger while Sync with ldap users.

New Contributor

Yes, I updated it, but the issue is still not resolved.

Re: Issue in Ranger while Sync with ldap users.

Can you please check whether the LDAP server is up and running, and please check usersync.log to see what error it is reporting?

Re: Issue in Ranger while Sync with ldap users.

New Contributor

I have attached my log file.

Re: Issue in Ranger while Sync with ldap users.

You can see this error in the usersync logs. It looks like the LDAP server is not running at all. Can you please set up LDAP and then try?

javax.naming.CommunicationException: 127.0.0.1:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
	at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)
	at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
	at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1614)
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
	at javax.naming.InitialContext.init(InitialContext.java:244)
	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
	at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.createLdapContext(LdapUserGroupBuilder.java:147)
	at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.getUsers(LdapUserGroupBuilder.java:377)
	at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.updateSink(LdapUserGroupBuilder.java:302)
	at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.ConnectException: Connection refused (Connection refused)
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.net.Socket.connect(Socket.java:589)
	at java.net.Socket.connect(Socket.java:538)
	at java.net.Socket.<init>(Socket.java:434)
	at java.net.Socket.<init>(Socket.java:211)
	at com.sun.jndi.ldap.Connection.createSocket(Connection.java:363)
	at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
	... 17 more
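An added example, not part of any reply in this thread and not Ranger's own tooling: a small shell triage that pulls the refused host:port out of usersync log text and checks whether a bind DN sits under a search base, the two causes raised in the replies above. The function names and the second sample log line are assumptions made for illustration; the DN check is a heuristic, since a bind account can legitimately live outside the search base.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the thread.

# Constructed sample: line 1 is the exception quoted in the thread,
# line 2 is a made-up entry that must be ignored.
SAMPLE_LOG='javax.naming.CommunicationException: 127.0.0.1:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
INFO constructed line unrelated to LDAP connectivity'

# Read usersync log text on stdin; print each distinct host:port that
# refused the LDAP connection.
refused_endpoints() {
  sed -n 's/.*CommunicationException: \([^ ]*:[0-9][0-9]*\) .*Connection refused.*/\1/p' | sort -u
}

# Lower-case a DN and drop spaces around "," and "=" so that two
# spellings of the same DN compare equal.
normalize_dn() {
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/ *, */,/g; s/ *= */=/g'
}

# Succeed when DN $1 equals, or is located below, base DN $2.
dn_under_base() {
  dn=$(normalize_dn "$1")
  base=$(normalize_dn "$2")
  case "$dn" in
    "$base" | *,"$base") return 0 ;;
    *) return 1 ;;
  esac
}

# Print findings for log text (stdin), a bind DN ($1) and a search base ($2).
triage() {
  for ep in $(refused_endpoints); do
    echo "UNREACHABLE $ep: check the LDAP URL host/port and that the server is listening"
  done
  if ! dn_under_base "$1" "$2"; then
    echo "DN_MISMATCH bind DN '$1' is not under search base '$2'"
  fi
}

# DN values as quoted in the first reply of the thread.
printf '%s\n' "$SAMPLE_LOG" | triage "dc=hadoop,dc=apache,dc=org" "dc=hortonworks,dc=com"
```
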

Re: Issue in Ranger while Sync with ldap users.

New Contributor

I have already set up LDAP.

10863-screenshot-from-2016-12-28-153807.png

Re: Issue in Ranger while Sync with ldap users.

New Contributor

Are you sure the port is correct? 33389? Default is 389. Also, the Manager DN looks very wrong. Have you configured your own AD/LDAP server, or are you using a corporate server? If using your company's AD/LDAP, I can almost 100% say it won't have a DC=hadoop,DC=apache,DC=org; it should be your company domain name.
