Support Questions
Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

Unable to login in Ranger UI with Active Directory user

Hi, I am trying to login into Ranger UI with active directory users but I am not able to. However, I am able to login with default username:password - admin:admin. The error that I get when I try to login with an AD user is : "The username or password you entered is incorrect".

Also, I am able to successfully sync AD users in Ranger, i.e, I am able to see AD users in Users/Groups tab. That means, I am guessing whatever configurations I have done are correct. I think I am missing some configuration for UI login.

I am using Ambari version 2.2.2.0 and HDP version 2.4.3

Please suggest some solution.

Thanks.

1 ACCEPTED SOLUTION

Mentor

@Pooja Kamle

Ranger admin in HDP 2.5 has a new property for a truststore. So if using ldaps, you need to import the ldapserver cert to the ranger admin truststore , property name ranger.truststore.file. Although no log is being showed for failed connection to ldapserver, setting ranger to debug will show that ranger admin is not able to establish SSL connection to ldap server and there by not able to validate the user login.

usersync has similar property ranger.usersync.truststore.file which must already have ldap server cert in it,is usersync is working correctly?. If not use the same truststore file for ranger.truststore.file

Make sure that you set the UserSearchFilter as sAMAccountName={0} if using AD for ldap accounts.

View solution in original post

6 REPLIES 6

Mentor

@Pooja Kamle

Then I think you missed to toggle the Ranger Authentication to AD as shown in the attached screenshot

Ambari UI--->Ranger--->Configs--->Advanced--->AD

Revert

ad-ranger2.png

Hi @Geoffrey Shelton Okot

I have the proper settings. The authentication method is toggled to AD only.

Actually, I am getting following error when I try to login with an AD user.

error: "The username or password you entered is incorrect"

Mentor

@Pooja Kamle

Ranger admin in HDP 2.5 has a new property for a truststore. So if using ldaps, you need to import the ldapserver cert to the ranger admin truststore , property name ranger.truststore.file. Although no log is being showed for failed connection to ldapserver, setting ranger to debug will show that ranger admin is not able to establish SSL connection to ldap server and there by not able to validate the user login.

usersync has similar property ranger.usersync.truststore.file which must already have ldap server cert in it,is usersync is working correctly?. If not use the same truststore file for ranger.truststore.file

Make sure that you set the UserSearchFilter as sAMAccountName={0} if using AD for ldap accounts.

Hi @Geoffrey Shelton Okot

I set my UsearSearchFilter as sAMAccountName={0}. With this I am able to login with AD user. But, I can't see anything in the UI other than Access Manager tab. I am not sure how these permissions are set. Can you please provide some more information on this?

Mentor

@Pooja Kamle

That's is the desired presentation for a normal user. Unless you want your AD user(s) to have admin rights which will imply that your AD user can basically do anything in Ranger, delete,update etc which I don't think is your target.

You can you log out from your AD account and log on using admin/admin then under

Ranger_UI -->Settings---User under User List search for your AD user and change the role to Admin

Logout of admin account and log in using your AD user you will see that you have access to all the tabs.

Hope that answers you.

@Geoffrey Shelton Okot, Yes, that answers my doubt. Thank you so much for your response.