Ranger with Active Directory questions

localscripte · ‎06-01-2017

I'm trying to sync my lab cluster to AD and am having some issues.

I have users in OU=people,DC=hadooper,DC=com

I have a seperate OU containing the groups I want to sync to Ranger OU=HadoopGroup,DC=hadooper,DC=com

I only want to sync users that have membership to the groups found in the seperate OU, how do I do this? Currently I have my user search base set to the hadoop group OU, but I'm not getting results in Ranger. While tailing the usersync logs I do see that it is able to see the groups (I can see the group names and user names listed in the logs) but it is not in the UI. Maybe my settings are wrong? Screenshots attached.

spolavarapu · ‎06-01-2017

@Kevin Major

I see only the group config in the screen shot. But from your description, you mentioned that your users are in OU=people,DC=hadooper,DC=com. Based on this the user search base should be set to "OU=people,DC=hadooper,DC=com".

For similar use case, please refer to this article:

https://community.hortonworks.com/articles/105620/configuring-ranger-usersync-with-adldap-for-a-comm...