Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger Usersync Group Permissions and Mapping issue - AD and SSSD

Highlighted

Ranger Usersync Group Permissions and Mapping issue - AD and SSSD

Contributor

I have an issue in our environment for AD groups via usersync: we are thinking to usersync ranger with AD; below is the issue I have:

AD group name: cfyG_GG-HDP_HadoopAdmins

SSD mapped group on linux machine: hadoopadmin

This command yields $hdfs groups hdpadmin

hdpadmin : hdpadmin hadoopadmin hadoopdev hadoopusers

------------------

Now the problem is I can save the AD group to lower case in ranger as : cfyg_gg-hdp_hadoopadmins

but, if I use this group to give permission it wont work, since the linux group name is hadoopadmin, as mapped in SSSD. How can I over come this issue?

any help is appreciated.

Suri

1 REPLY 1

Re: Ranger Usersync Group Permissions and Mapping issue - AD and SSSD

Expert Contributor

@Surya Nuthalapati,

As you know user/group names in ranger should match the ones used by hadoop for authorization to work. In this case, since the group names mapped by SSSD are different from the ones in AD, ranger usersync can configured to sync from SSSD instead. Ranger introduced the support of syncing from SSSD as part of https://issues.apache.org/jira/browse/RANGER-827

Thanks,

Sailaja.

Don't have an account?
Coming from Hortonworks? Activate your account here