Support Questions
Find answers, ask questions, and share your expertise

Ranger Admin give 401 error in ranger-usersync

Ranger Admin give 401 error in ranger-usersync

Hi All,

Trying to enable Ranger with AD and am getting issues with the usersync function. Below is the two errors, it seems like the user doing the sync is unable to authenticate to the Ranger Admin UI but dont know why. Anyone know how to fix this?

Ranger Admin Logs:

<IP-ADDRESS> - - [04/Apr/2019:14:59:06 +0000] "POST /service/xusers/ugsync/auditinfo/ HTTP/1.1" 401 - "-" "Java/1.8.0_191"

Ranger UserSync Logs:

04 Apr 2019 14:59:06 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add addorUpdate group user info
04 Apr 2019 14:59:06 ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] - sink.addOrUpdateGroup failed with exception: Failed to add addorUpdate group user info, for group: Role_Reader, users: [ssnape]
04 Apr 2019 14:59:06 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add User : 
com.sun.jersey.api.client.UniformInterfaceException: POST http://<IP-ADDRESS>:6080/service/xusers/ugsync/auditinfo/ returned a response status of 401 Unauthorized
    at com.sun.jersey.api.client.WebResource.handle(
    at com.sun.jersey.api.client.WebResource.access$200(
    at com.sun.jersey.api.client.WebResource$
    at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.getUserGroupAuditInfo(
    at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.access$300(
    at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$
    at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$
    at Method)
    at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addUserGroupAuditInfo(
    at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.postUserGroupAuditInfo(
    at org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.updateSink(

I tried uninstalling and reinstalling the services and still no luck, also tried using just unix permissions and still can't connect. After digging around, I found that this setting looks like it could be wrong?


as if I try to access that keystore i get the following:

[root@uksddemgmthwx09-hg11]# ll /etc/ranger/admin/conf/ranger-admin-keystore.jks
ls: cannot access /etc/ranger/admin/conf/ranger-admin-keystore.jks: No such file or directory

Any help would be appreciated.