Created 07-13-2017 11:45 AM
Hi, I am trying to do Ranger AD usersync (HDP version: 2.4.3 and Ambari version: 2.2.2.0). When I try to do it manually from the Ambari UI or pass the configuration through the blueprint, I get the following error:
ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 3600000 milliseconds. Error details: com.sun.jersey.api.client.ClientHandlerException: java.net.ConnectException: Connection refused (Connection refused)
Not sure where the problem is. Ping and telnet to the AD server are also successful.
Also, the LDAP cert was loaded into a trustStore using the following command:
keytool -import -trustcacerts -alias myldap1 -file mycertfile.pem -keystore /etc/pki/java/cacerts
Any solution please?
Attaching usersync.log file: usersync.txt
Created 07-14-2017 07:36 PM
From the posted usersync logs, it looks like the communication between ranger admin and ranger usersync is failing. Do you have https enabled for ranger admin? If so, please add the ranger admin cert to usersync trust store.
Usersync contacts ranger admin (database) to update the users and groups that are sync'd from AD.
Created 07-14-2017 06:34 AM
Can you please post the configuration that you gave in the ranger usersync config?
Did you specify the ldap/ldaps protocol and the correct port while configuring usersync?
Created 07-14-2017 07:13 AM
@Deepak Sharma Thanks for your reply. Following are my usersync configs:
Sync Source: LDAP/AD
LDAP/AD URL: ldaps://<server>:636
Authentication method: ACTIVE_DIRECTORY
Username Attribute: cn
User Object Class: user
User Search Filter: cn=*
User Search Scope: sub
User Group Name Attribute: memberof
Group Member Attribute: member
Group Name Attribute: cn
Group Object Class: group
Group Search Filter: cn=*
Also, these configs worked with a different Ranger that I had configured before with the same LDAP cert file. But now I don't understand what the issue is.
Created 07-14-2017 07:33 PM
Hi @Pooja Kamle
Can you check and post the permissions on these two files:
/usr/hdp/current/ranger-usersync/conf/ugsync.jceks
/usr/hdp/current/ranger-usersync/conf/.ugsync.jceks.crc
Also check the permissions of these two files on the other ranger that is working and verify if they are the same.
Created 07-17-2017 02:09 PM
I found the issue. My Ranger admin and ranger database reside on different nodes. I was giving the database host instead of Ranger admin host in "policymgr_external_url" property. Correcting it solved the issue. Thanks for your reply.
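The check that would have separated the two causes raised in this thread (wrong host in "policymgr_external_url" versus a missing Ranger admin cert in the usersync trust store), as an added example that is not part of the original posts. The function names, hint texts and sample host names are assumptions made for illustration; pass the URL exactly as it is configured for usersync.

```python
import socket
import sys
from urllib.parse import urlsplit

# Fallback ports when the URL carries none; a Ranger admin URL normally has an explicit port.
DEFAULT_PORTS = {"http": 80, "https": 443}

# Hint texts are illustrative wording, not Ranger or Ambari output.
HINTS = {
    "listening": "Something accepts connections on this host:port.",
    "refused": "Nothing listens on this host:port. Check that policymgr_external_url "
               "names the Ranger admin host and port, not the database host.",
    "unresolvable": "The host name does not resolve from this node.",
    "timeout": "No answer before the timeout; check firewalls and routing.",
    "unreachable": "The network stack rejected the connection attempt.",
}

def parse_endpoint(url):
    """Split a policymgr_external_url value into (scheme, host, port)."""
    parts = urlsplit(url.strip())
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("expected http(s)://host[:port], got %r" % url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]

def classify_endpoint(url, timeout=3.0):
    """Attempt one TCP connect, as the usersync client does before any HTTP or TLS."""
    _, host, port = parse_endpoint(url)
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "listening"
    except socket.gaierror:
        return "unresolvable"
    except ConnectionRefusedError:
        return "refused"  # the java.net.ConnectException case from the log
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"

def diagnose(url, timeout=3.0):
    """Return (state, hint); trust store problems only matter once TCP connects."""
    state = classify_endpoint(url, timeout)
    hint = HINTS[state]
    if state == "listening" and parse_endpoint(url)[0] == "https":
        hint += " If sync still fails, check that the Ranger admin cert is in the usersync trust store."
    return state, hint

if __name__ == "__main__":
    # Usage: python check_policymgr.py http://<ranger-admin-host>:<port>
    for arg in sys.argv[1:]:
        print(arg, *diagnose(arg), sep=" | ")
```

Run it on the usersync node: a "refused" result cannot be caused by certificates, because a refused connection fails before any TLS handshake starts.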