Hello Cloudera Community,
During the same Test cluster upgrade from Cloudera Runtime 7.1.9 to 7.3.2.0 GA (before Prod rollout), we encountered a persistent issue with Ranger UserSync, which we were not able to resolve using supported configuration or migration steps.
Environment
Original Runtime: 7.1.9
Upgraded Runtime: 7.3.2.0 (GA)
Parcel: CDH-7.3.2-1.cdh7.3.2.p0.77083870
Cloudera Manager: 7.11.3
OS: RHEL / Oracle Linux 8.7
Authentication: LDAP / Kerberos
Upgrade type: Test cluster before Prod
After the upgrade to 7.3.2.0, Ranger UserSync and RMS do not start, while Ranger Admin and Ranger Tagsync start and work normally.
UserSync fails immediately with error:
Error: Could not find or load main class org.apache.ranger.authentication.UnixAuthenticationService
Caused by: java.lang.ClassNotFoundException
We tried all supported and commonly recommended remediation steps:
Deleting the existing Ranger UserSync role (originally created on 7.1.9);
Re‑creating a new Ranger UserSync role;
Configuring LDAP‑based UserSync in Cloudera Manager;
Removing all legacy UNIX / PAM references from configuration;
Reinstalling and redistributing parcels;
Restarting CM agents and services;
Moving UserSync role to another host;
Result: UserSync continues to fail with the same error.
While investigating the runtime, we found the following in the 7.3.2 UserSync parcel:
$CDH/lib/ranger-usersync/install.properties
SYNC_SOURCE = unix
I think this indicates that Ranger UserSync still initializes in UNIX mode at parcel/bootstrap level.
However, in 7.3.x:
UNIX / PAM‑based UserSync is no longer supported
Required UNIX authentication classes are removed
At runtime, UserSync still attempts to load:
org.apache.ranger.authentication.UnixAuthenticationService
which no longer exists
Changing install.properties does not affect runtime behavior, indicating that SYNC_SOURCE is not re‑evaluated at service start.
Questions:
Can this be confirmed as a known issue or limitation in 7.3.2.0 GA?
Is a 7.3.2.x Runtime CHF planned to fix UserSync initialization?
Should legacy UserSync roles be explicitly flagged during 7.1.x → 7.3.x upgrades?
TIA and have a good day!