
Ranger - Usersync does not work with LDAPS




Dear Community Members,

We have just enabled SSL on Ranger and Ambari. Ranger-admin and Ambari work fine as well, although we are not able to make usersync work with LDAPS, since we are constantly getting the following: PKIX path building failed: unable to find valid certification path to requested target

We have followed the official HDP documentation placed here:

Also tried the following article:

This is also a bug: but should have been resolved.

The certificates look fine, since we enabled other HTTPS services with the same certificates. Our cacerts file is located at the following path: /etc/pki/ca-trust/extracted/java/cacerts

The following has been set: ranger.usersync.truststore.file=/etc/pki/ca-trust/extracted/java/cacerts

HDP version:

Ranger version: 0.7

Any hints or pointers will be appreciated, thanks in advance.

Cheers!



Re: Ranger - Usersync does not work with LDAPS


Hi @Hammad Ali,

That error seems to be because you are not using the correct SSL certificates for your AD/LDAP.

Assuming that you have a separate AD/LDAP instance, that AD/LDAP has its own SSL certificates, and you should be using those specific SSL certificates and not the SSL certificates that you used to enable HTTPS.

Create a new key store and import all the public key certificates of the AD/LDAP, including the CA and Intermediate of those SSL certificates.

Then update the following properties in "Advanced ranger-ugsync-site" in Ranger service:


Restart Ranger service.
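
One way to build the new key store described in the reply above, as an added example that is not part of the original thread: it collects the certificates the LDAPS endpoint actually presents and imports each into a fresh truststore. The host name, port, store path and password are placeholders, and the function names are made up for this sketch.

```shell
#!/usr/bin/env bash
# Added example. Assumptions (not from the thread): host, port 636,
# truststore path and password passed in by the caller are placeholders.

# Split PEM text on stdin into one file per certificate (cert-1.pem, ...)
# inside directory $1; prints the number of certificates written.
split_pem_chain() {
    outdir=$1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END { print n + 0 }
    '
}

# Fetch the chain presented by the LDAPS endpoint and import every
# certificate into a new JKS truststore, then list it for review.
build_ldaps_truststore() {
    host=$1; port=$2; store=$3; pass=$4
    work=$(mktemp -d) || return 1
    count=$(openssl s_client -connect "$host:$port" -showcerts </dev/null 2>/dev/null \
            | split_pem_chain "$work")
    if [ "$count" -eq 0 ]; then
        echo "no certificates received from $host:$port" >&2
        rm -rf "$work"; return 1
    fi
    i=1
    while [ "$i" -le "$count" ]; do
        keytool -importcert -noprompt -trustcacerts \
            -alias "ldaps-$i" -file "$work/cert-$i.pem" \
            -keystore "$store" -storepass "$pass" || { rm -rf "$work"; return 1; }
        i=$((i + 1))
    done
    rm -rf "$work"
    # Print aliases and fingerprints so they can be checked by hand.
    keytool -list -keystore "$store" -storepass "$pass"
}

# Usage (placeholder values):
#   build_ldaps_truststore ldap.example.com 636 /path/to/ugsync-truststore.jks 'changeit'
```

The server often does not send its root CA, so obtain that certificate from the AD/LDAP administrators and import it the same way. Compare the fingerprints in the keytool listing with theirs before pointing ranger.usersync.truststore.file at the new store.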

