The documentation speaks about two configuration for Ranger with LDAP
What's the difference between these two steps? what the role of each configuration? is there a use case where we use different LDAPs for these two steps?
As mentioned in the previous answer...
1] Enterprise users (like user x) are sync'ed from LDAP to ranger via usersync. This is required for admins to define policies on resources for enterprise users.
2] If you also desire these enterprise users to be able to use their LDAP credentials to login to Ranger UI, then ranger admin authentication needs to be configured. Once this is done, user x can use LDAP credentials to login to Ranger UI.
Does that help?
yes, ranger user sync should be first configured to get the users into ranger and then configure ranger admin authentication
@Houssam Manik: The 2 links that you mentioned in your initial post are both part of configuring Usersync to work with LDAP (sync users to Ranger Admin from specified LDAP). Both have different properties that need to be filled.
is for setting up LDAP properties under Ambari UI->Services->Ranger->'Configs' section, next to 'summary' section-> 'advanced' tab' ->'Ranger User Info' tab.
is for setting up LDAP properties under Ambari UI->Services->Ranger->'Configs' section, next to 'summary' section-> 'advanced' tab' ->'LDAP Settings'. This section is where the properties need to be filled.
As for "if i want to configure Ranger Authentication with Ldap .. I need to configure user sync... Do this user sync can unix or it should be LDAP?", it should be LDAP if you intend to sync users into Ranger Admin using LDAP.
Selecting Unix will sync OS users into Admin.