Created 06-20-2017 12:04 PM
Hi,
I have a strange problem. I have configured Ranger Usersync with AD and it works good. All groups, users and group membership are synced correctly. Problem scenario: user1 belongs to groups group1 and group2. When I create policy (no matter what kind of - hdfs, hive, hbase) for group1, user1 has access. But when I create policy for group2, user1 does not have access. Both groups are returned when I run "hdfs groups user1". In Ranger GUI user1 belongs to both groups. The cluster was Kerberized one week ago, and I do not remember if both groups were working before Kerberos. HDP2.5 and Ranger 0.6.0. This is not a sandbox cluster. There are no errors in ranger/usersync logs.
Do you have any ideas?
Created 06-20-2017 03:08 PM
The problem was with case conversion. I got firstly Upper case conversion for groups, then created some policies, then changed to none conversion, but in .json files were still appearing Upper case converted group names
Created 06-20-2017 03:08 PM
The problem was with case conversion. I got firstly Upper case conversion for groups, then created some policies, then changed to none conversion, but in .json files were still appearing Upper case converted group names
Created 05-28-2018 01:56 PM
Can you specify the location of json files which needs to be checked.