Re: Ranger with ldap permission error - Cloudera Community

darouwan · ‎03-20-2018

I am trying to integrate ldap with ranger. I have set properties as other system, but usersync still outputs the following error info:

LdapDeltaUserGroupBuilders.getUsers() failed with exception: javax.naming.NopermissionException:[LDAP: error code 50 - The request control with Object Identifiers (OID) 1.2.**** cannot be used due to insufficient access rights]

I just set the common configs and user configs, and leave group configs blank.

How to solve it?

spolavarapu · ‎03-21-2018

@Junfeng Chen,

From the posted log message, looks like you have enabled "Incremental Sync" during which the group config is mandatory. Not sure what exactly you mean by "leave group configs blank". This is not supported configuration. For more details on "Incremental Sync", please refer to https://issues.apache.org/jira/browse/RANGER-1211

Also, please refer to below article on how to configure ranger usersync for integrating with AD/LDAP.

https://community.hortonworks.com/articles/105620/configuring-ranger-usersync-with-adldap-for-a-comm...

Hope this helps.

Thanks,

Sailaja

darouwan · ‎03-22-2018

@spolavarapu Thanks, I am reading the article you gave.

“leave group configs blank” means I disabled the group sync.