I have a problem with usersync in Ranger with Active Directory in CDP 7.x and would like to confirm if I understand the workflow correctly below:
1. The Ranger usersync will pull the users and groups in Active Directory based on the user filter and group filter in the Ranger usersync configs.
2. Then we can see the AD users and groups in Ranger UI . We will need to assign roles/permissions in Ranger to these user groups to access hive tables or hdfs files.
3. But for these users to be able to login to Hue or access hive/hdfs we need additional steps:
a) Configure SSSD or Centrify to allow authentication of those AD users and groups in each CDP linux host
b) Configure Hue with LDAP/AD authentication so Hue will validate each user in AD during login.
Is my above understanding correct? Thanks!