Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger configuration: usersync vs authentication

Ranger configuration: usersync vs authentication

New Contributor

Hi,

The documentation speaks about two configuration for Ranger with LDAP

1- Usersync : http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/ranger_user_sync_setting...

2- Authentication : http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/configure_ranger_authent...

What's the difference between these two steps? what the role of each configuration? is there a use case where we use different LDAPs for these two steps?

Thanks

9 REPLIES 9

Re: Ranger configuration: usersync vs authentication

@Houssam Manik the usersync is in order to assign policies to users/groups that exist in LDAP. The authentication is used as far as authenticating to the Ranger UI.

Re: Ranger configuration: usersync vs authentication

New Contributor

@slachterman So if I have user x in LDAP and I use usersync, I won't be able to login with user x Credentials ?

Re: Ranger configuration: usersync vs authentication

Right, not to the Ranger UI itself.

Re: Ranger configuration: usersync vs authentication

As mentioned in the previous answer...

1] Enterprise users (like user x) are sync'ed from LDAP to ranger via usersync. This is required for admins to define policies on resources for enterprise users.

2] If you also desire these enterprise users to be able to use their LDAP credentials to login to Ranger UI, then ranger admin authentication needs to be configured. Once this is done, user x can use LDAP credentials to login to Ranger UI.

Does that help?

Re: Ranger configuration: usersync vs authentication

New Contributor

@vperiasamy so for the ranger admin authentication, do i need to first configure ranger user sync or simply i can for ranger aunthentication for login into uI?

Re: Ranger configuration: usersync vs authentication

yes, ranger user sync should be first configured to get the users into ranger and then configure ranger admin authentication

Re: Ranger configuration: usersync vs authentication

New Contributor

@vperiasamy if i want to configure Ranger Authentication with Ldap .. I need to configure user sync... Do this user sync can unix or it should be LDAP?

Highlighted

Re: Ranger configuration: usersync vs authentication

Contributor

@Houssam Manik: The 2 links that you mentioned in your initial post are both part of configuring Usersync to work with LDAP (sync users to Ranger Admin from specified LDAP). Both have different properties that need to be filled.

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/ranger_user_sync_setting...

is for setting up LDAP properties under Ambari UI->Services->Ranger->'Configs' section, next to 'summary' section-> 'advanced' tab' ->'Ranger User Info' tab.

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/configure_ranger_authent...

is for setting up LDAP properties under Ambari UI->Services->Ranger->'Configs' section, next to 'summary' section-> 'advanced' tab' ->'LDAP Settings'. This section is where the properties need to be filled.

As for "if i want to configure Ranger Authentication with Ldap .. I need to configure user sync... Do this user sync can unix or it should be LDAP?", it should be LDAP if you intend to sync users into Ranger Admin using LDAP.

Selecting Unix will sync OS users into Admin.

Re: Ranger configuration: usersync vs authentication

Contributor

@khadeer mhmd Usersync can sync users from Unix or LDAP