Ranger UserSync - Multiple Group Setup

HDP-2.3.4.0-3485, Ambari 2.2.0.0, Ranger 0.5.0.2.3, LDAPS:636 + AD

I already referred to: https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_Ranger_Install_Guide/content/ranger-user...

-------------------------------------------------------------------------------------------

I need steps to set up multiple groups, and I want Ranger usersync to fetch only the users in those groups from LDAPS+AD.

LDAP Url: ldaps://host.zz.com:636

bind id: cn=ranger_ldap,ou=Applications,o=zz.com

users base: uid={0},ou=People,o=zz.com

group base: (|(cn=ABC,ou=Groups,o=zz.com)(cn=xyz,ou=Groups,o=zz.com)

If I do an ldapsearch for a group cn=ABC, I can see the list of users as:

member: uid=efg@zz.com,ou=People,o=zz.com

member: uid=hij@zz.com,ou=People,o=zz.com

It would be great if we could have a screenshot from the Ranger Config UI.

Re: Ranger UserSync - Multiple Group Setup

@Sushil Saxena

See this https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.4/bk_Ranger_Install_Guide/content/ranger_user...

User Search Filter: Optional additional filter constraining the users selected for syncing.

Sample filter to retrieve all the users: cn=*

Sample filter to retrieve all the users who are members of groupA or groupB: (|(memberof=CN=GroupA,OU=groups,DC=example,DC=com)(memberof=CN=GroupB,OU=groups,DC=example,DC=com))
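
The sample filter in the reply above, built programmatically as an added example (not code from the thread or from the Ranger documentation): it assembles the (|(memberof=...)) OR filter from a list of group DNs, escapes filter metacharacters per RFC 4515 so a group name cannot widen the match, and checks parenthesis balance before the value is pasted into User Search Filter. The function names are hypothetical, and it assumes user entries expose a memberof attribute naming their groups.

```python
# Added example: build and sanity-check a group-membership User Search Filter.
# Assumption: user entries carry a memberof attribute listing their group DNs.

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape one assertion value so it cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def member_of_any(group_dns, attr="memberof"):
    """Return a filter matching users who are in at least one of group_dns."""
    if not group_dns:
        raise ValueError("need at least one group DN; an empty OR is not valid")
    clauses = ["(%s=%s)" % (attr, escape_filter_value(dn)) for dn in group_dns]
    return clauses[0] if len(clauses) == 1 else "(|" + "".join(clauses) + ")"


def paren_problem(filter_text):
    """Return None when parentheses balance, otherwise describe the fault."""
    depth = 0
    for offset, ch in enumerate(filter_text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return "unexpected ')' at offset %d" % offset
    return None if depth == 0 else "%d unclosed '('" % depth


if __name__ == "__main__":
    # Group DNs taken from the sample filter quoted in the reply above.
    groups = ["CN=GroupA,OU=groups,DC=example,DC=com",
              "CN=GroupB,OU=groups,DC=example,DC=com"]
    print(member_of_any(groups))
    # Constructed group name containing filter metacharacters.
    print(member_of_any(["CN=Ops (EU)*,OU=groups,DC=example,DC=com"]))
    # The "group base" value exactly as posted in the question.
    posted = "(|(cn=ABC,ou=Groups,o=zz.com)(cn=xyz,ou=Groups,o=zz.com)"
    print(paren_problem(posted))
```
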

Re: Ranger UserSync - Multiple Group Setup

I tried this also. It didn't work for me.

Re: Ranger UserSync - Multiple Group Setup

Neeraj Sabharwal

Please see Ranger Config Screenshots for the configuration setup. Please correct where I am wrong.

2419-commonconfig.png

2420-userconfig.png

2421-groupconfig.png

Re: Ranger UserSync - Multiple Group Setup

@Neeraj Sabharwal @Ali Bajwa @Junichi Oda

LDAPS search query to list users within groups

---------------------------------------------------------------

ldapsearch -x -H ldaps://zz.com:636 -b "o=zz.com" -D "cn=ranger_ldap,ou=Applications,o=zz.com" -W "(&(objectclass=groupOfNames)(cn=edl_*))" member

LDAPS Search Response with users within each group

---------------------------------------------------------------------

# edl_sales_itg, Groups, zz.com

dn: cn=edl_sales_itg,ou=Groups,o=zz.com

member: uid=abc@zz.com,ou=People,o=zz.com

# edl_sc_itg, Groups, zz.com

dn: cn=edl_sc_itg,ou=Groups,o=zz.com

member: uid=xyz@zz.com,ou=People,o=zz.com

---------------------------------------------------------------------------------------------------------------------

Please let me know what my settings under user config should be for the following, so that I can fetch only users who belong to the cn=edl_* groups (Note: using usersync, I am able to fetch limited group names):

Username Attribute = uid

User Object Class = person

User Search Filter = ??

User Group Name Attribute = ??

User Search Scope = sub

User Search Base = zz.com