Ranger AD usersync : ERROR UserGroupSync [UnixUserSyncThread] Connection refused

Rising Star

Hi, I am trying to do Ranger AD usersync (HDP version: 2.4.3 and Ambari version: 2.2.2.0). When I try to do it manually from the Ambari UI or pass the configuration through the blueprint, I get the following error:

ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 3600000 milliseconds. Error details: com.sun.jersey.api.client.ClientHandlerException: java.net.ConnectException: Connection refused (Connection refused)

Not sure where the problem is. Ping and telnet to the AD server are also successful.

Also, the LDAP cert was loaded into a trustStore using the following command:

keytool -import -trustcacerts -alias myldap1 -file mycertfile.pem -keystore /etc/pki/java/cacerts

Any solution please?

Attaching usersync.log file: usersync.txt

5 REPLIES

Can you please post the configuration that you gave in the Ranger usersync config?

Did you specify the ldap/ldaps protocol and the correct port while configuring usersync?

Rising Star

@Deepak Sharma Thanks for your reply. Following are my usersync configs:

Sync Source: LDAP/AD

LDAP/AD URL: ldaps://<server>:636

Authentication method: ACTIVE_DIRECTORY

Username Attribute: cn

User Object Class: user

User Search Filter: cn=*

User Search Scope: sub

User Group Name Attribute: memberof

Group Member Attribute: member

Group Name Attribute: cn

Group Object Class: group

Group Search Filter: cn=*

Also, these configs worked with a different Ranger that I had configured before with the same LDAP cert file. But now I don't understand what the issue is.


Hi @Pooja Kamle

Can you check and post the permissions on these two files:

/usr/hdp/current/ranger-usersync/conf/ugsync.jceks
/usr/hdp/current/ranger-usersync/conf/.ugsync.jceks.crc

Also check the permissions of these two files on the other ranger that is working and verify if they are the same.

Rising Star

I found the issue. My Ranger admin and ranger database reside on different nodes. I was giving the database host instead of Ranger admin host in "policymgr_external_url" property. Correcting it solved the issue. Thanks for your reply.
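Added example, not part of the thread and not Ranger code: the exception in the question comes from a Jersey HTTP client, so the refused connection is to the URL in policymgr_external_url, not to AD, which is why ping and telnet to the AD server still succeeded. This Python sketch checks the TCP endpoint behind each URL usersync depends on (the LDAP/AD URL and policymgr_external_url); the function name, status strings and the local demo listener are assumptions made for the example.

```python
import socket
from urllib.parse import urlsplit

# Default ports for the two kinds of endpoint usersync talks to:
# the LDAP/AD source and the Ranger Admin URL (the sink).
DEFAULT_PORTS = {"http": 80, "https": 443, "ldap": 389, "ldaps": 636}


def check_endpoint(url, timeout=3.0):
    """Return (host, port, status) for the TCP endpoint behind a URL."""
    parts = urlsplit(url)
    try:
        port = parts.port or DEFAULT_PORTS[parts.scheme]
    except (KeyError, ValueError):
        # Unknown scheme without a port, or a non-numeric port.
        return (parts.hostname, None, "invalid-url")
    if not parts.hostname:
        return (None, port, "invalid-url")
    try:
        with socket.create_connection((parts.hostname, port), timeout=timeout):
            status = "listening"
    except ConnectionRefusedError:
        # Host is up but nothing listens on that port: typical of a URL
        # that names the wrong host or port, as in this thread.
        status = "refused"
    except socket.timeout:
        status = "timeout"
    except socket.gaierror:
        status = "dns-failure"
    except OSError:
        status = "unreachable"
    return (parts.hostname, port, status)


if __name__ == "__main__":
    # Constructed demo: a local listener stands in for Ranger Admin.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    url = "http://127.0.0.1:%d" % srv.getsockname()[1]
    print("policymgr_external_url", check_endpoint(url))  # listening
    srv.close()
    print("policymgr_external_url", check_endpoint(url))  # refused
```

Run it from the usersync host with the real values of both URLs; a "refused" result for policymgr_external_url while the LDAP/AD URL is "listening" points at the Ranger Admin setting rather than at AD or the truststore.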