Support Questions
Find answers, ask questions, and share your expertise

Ranger AD/LDAP into unix groups

Solved Go to solution

Ranger AD/LDAP into unix groups

Super Guru

Does ranger creates unix groups during AD/LDAP sync? Curious if the unix groups are used (based on sync) for authorization or native AD/LDAP groups.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Ranger AD/LDAP into unix groups

Explorer

Does ranger creates unix groups during AD/LDAP sync?

No - the usersync just brings in the users and groups for you to see and to be able to create Ranger policy based on the known users and groups . It does not create them it just reads from your defined source be it unix , AD/LDAP .

Curious if the unix groups are used (based on sync) for authorization or native AD/LDAP groups.

You create policy and this will let you control access not authorization.

The underlying linux filesystem still needs to have SSSD or winBind/samba setup to show the same groups on the filesystem and the group names need to be the same . Ranger User sync will not create these groups in linux or hdfs.

View solution in original post

2 REPLIES 2

Re: Ranger AD/LDAP into unix groups

Hi Sunile,

I believe unix groups are not created during AD/LDAP sync with Ranger, however I think that if a policy cannot be checked with AD/LDAP, it will then be checked against unix groups before failing.

Re: Ranger AD/LDAP into unix groups

Explorer

Does ranger creates unix groups during AD/LDAP sync?

No - the usersync just brings in the users and groups for you to see and to be able to create Ranger policy based on the known users and groups . It does not create them it just reads from your defined source be it unix , AD/LDAP .

Curious if the unix groups are used (based on sync) for authorization or native AD/LDAP groups.

You create policy and this will let you control access not authorization.

The underlying linux filesystem still needs to have SSSD or winBind/samba setup to show the same groups on the filesystem and the group names need to be the same . Ranger User sync will not create these groups in linux or hdfs.

View solution in original post