Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Ranger AD/LDAP into unix groups

Labels:
avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎04-20-2016 02:30 AM

Does ranger creates unix groups during AD/LDAP sync? Curious if the unix groups are used (based on sync) for authorization or native AD/LDAP groups.

1,500 Views
1 ACCEPTED SOLUTION

avatar
author-rank mthiele1
Contributor

Created ‎04-20-2016 01:41 PM

Does ranger creates unix groups during AD/LDAP sync?

No - the usersync just brings in the users and groups for you to see and to be able to create Ranger policy based on the known users and groups . It does not create them it just reads from your defined source be it unix , AD/LDAP .

Curious if the unix groups are used (based on sync) for authorization or native AD/LDAP groups.

You create policy and this will let you control access not authorization.

The underlying linux filesystem still needs to have SSSD or winBind/samba setup to show the same groups on the filesystem and the group names need to be the same . Ranger User sync will not create these groups in linux or hdfs.

View solution in original post

1,288 Views
2 REPLIES 2

avatar
author-rank pvillard author-rank
Guru

Created ‎04-20-2016 08:35 AM

Hi Sunile,

I believe unix groups are not created during AD/LDAP sync with Ranger, however I think that if a policy cannot be checked with AD/LDAP, it will then be checked against unix groups before failing.

1,288 Views
0 Kudos

avatar
author-rank mthiele1
Contributor

Created ‎04-20-2016 01:41 PM

Does ranger creates unix groups during AD/LDAP sync?

No - the usersync just brings in the users and groups for you to see and to be able to create Ranger policy based on the known users and groups . It does not create them it just reads from your defined source be it unix , AD/LDAP .

Curious if the unix groups are used (based on sync) for authorization or native AD/LDAP groups.

You create policy and this will let you control access not authorization.

The underlying linux filesystem still needs to have SSSD or winBind/samba setup to show the same groups on the filesystem and the group names need to be the same . Ranger User sync will not create these groups in linux or hdfs.

1,289 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements