Support Questions
Find answers, ask questions, and share your expertise

Ranger Usersync Group Permissions and Mapping issue - AD and SSSD


I have an issue in our environment for AD groups via usersync: we are thinking to usersync ranger with AD; below is the issue I have:

AD group name: cfyG_GG-HDP_HadoopAdmins

SSD mapped group on linux machine: hadoopadmin

This command yields $hdfs groups hdpadmin

hdpadmin : hdpadmin hadoopadmin hadoopdev hadoopusers


Now the problem is I can save the AD group to lower case in ranger as : cfyg_gg-hdp_hadoopadmins

but, if I use this group to give permission it wont work, since the linux group name is hadoopadmin, as mapped in SSSD. How can I over come this issue?

any help is appreciated.



Expert Contributor

@Surya Nuthalapati,

As you know user/group names in ranger should match the ones used by hadoop for authorization to work. In this case, since the group names mapped by SSSD are different from the ones in AD, ranger usersync can configured to sync from SSSD instead. Ranger introduced the support of syncing from SSSD as part of



Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.