Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

[Ranger] How to connect ldap server with HDP 2.3.4 and ambari 2.1.1.

avatar
Explorer

HDP version: 2.3.4

Ambari: 2.1.1

First, I installed ranger service on ambari. Then I refer to the HDP document https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_Ranger_Install_Guide/content/configuring... and

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_Ranger_Install_Guide/content/ranger-user...

I set several sections of ranger on ambari.

Such as "Ranger Setting"

1744-1.png

"LDAP Settings"

1745-2.png

"Advanced ranger-ugsync-site".

1746-3.png

Unfortunately, when I login the ranger UI(http://RANGER_IP:6080), I could not see any user or group from my ldap server.

1748-4.png

In addition, if I set those configurations successfully, how can I verify it ?

I Only verify in user/group page on Ranger UI. It is true?

If the Hue service connect to ldap server, we only login from our accounts of ldap server.

Does the ranger UI offers this method of verification ?

1 ACCEPTED SOLUTION

avatar
Master Mentor
@Archer Huang

You should see usersync process installed. Login to that node and look for logs under /var/log/ranger/usersync

There is a file called usersync.log and it will have all the entries coming in from AD.

Ranger UI will have all the sync users once its synced.

Now, You need to check the setting in Ambari to make sure that OU and other paramaeters are correct.

Ranger logs will you the information on why sync is not happening.

View solution in original post

2 REPLIES 2

avatar
Master Mentor
@Archer Huang

You should see usersync process installed. Login to that node and look for logs under /var/log/ranger/usersync

There is a file called usersync.log and it will have all the entries coming in from AD.

Ranger UI will have all the sync users once its synced.

Now, You need to check the setting in Ambari to make sure that OU and other paramaeters are correct.

Ranger logs will you the information on why sync is not happening.

avatar
Explorer

Hi @Neeraj Sabharwal

I already resolved this problem by your suggestion.

The points of key are the following columns in Advanced ranger-ugsync-site.

ranger.usersync.source.impl.class org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
ranger.usersync.sink.impl.class org.apache.ranger.ldapusersync.process.PolicyMgrUserGroupBuilder

There are no hints on the HDP 2.3.2 document.

After these configuration, I could see the users of ldap server on my reanger UI.

Thanks.