Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

[Ranger] How to connect ldap server with HDP 2.3.4 and ambari 2.1.1.

Labels:
avatar
author-rank archerhuang
Explorer

Created on ‎02-03-2016 10:15 AM - edited ‎08-19-2019 03:20 AM

HDP version: 2.3.4

Ambari: 2.1.1

First, I installed ranger service on ambari. Then I refer to the HDP document https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_Ranger_Install_Guide/content/configuring... and

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_Ranger_Install_Guide/content/ranger-user...

I set several sections of ranger on ambari.

Such as "Ranger Setting"

1744-1.png

"LDAP Settings"

1745-2.png

"Advanced ranger-ugsync-site".

1746-3.png

Unfortunately, when I login the ranger UI(http://RANGER_IP:6080), I could not see any user or group from my ldap server.

1748-4.png

In addition, if I set those configurations successfully, how can I verify it ?

I Only verify in user/group page on Ranger UI. It is true?

If the Hue service connect to ldap server, we only login from our accounts of ldap server.

Does the ranger UI offers this method of verification ?

1,473 Views
1 ACCEPTED SOLUTION

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-03-2016 10:43 AM

@Archer Huang

You should see usersync process installed. Login to that node and look for logs under /var/log/ranger/usersync

There is a file called usersync.log and it will have all the entries coming in from AD.

Ranger UI will have all the sync users once its synced.

Now, You need to check the setting in Ambari to make sure that OU and other paramaeters are correct.

Ranger logs will you the information on why sync is not happening.

View solution in original post

1,123 Views
0 Kudos
2 REPLIES 2

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-03-2016 10:43 AM

@Archer Huang

You should see usersync process installed. Login to that node and look for logs under /var/log/ranger/usersync

There is a file called usersync.log and it will have all the entries coming in from AD.

Ranger UI will have all the sync users once its synced.

Now, You need to check the setting in Ambari to make sure that OU and other paramaeters are correct.

Ranger logs will you the information on why sync is not happening.

1,124 Views
0 Kudos

avatar
author-rank archerhuang
Explorer

Created ‎02-05-2016 03:41 AM

Hi @Neeraj Sabharwal

I already resolved this problem by your suggestion.

The points of key are the following columns in Advanced ranger-ugsync-site.

ranger.usersync.source.impl.class org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
ranger.usersync.sink.impl.class org.apache.ranger.ldapusersync.process.PolicyMgrUserGroupBuilder

There are no hints on the HDP 2.3.2 document.

After these configuration, I could see the users of ldap server on my reanger UI.

Thanks.

1,123 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements