Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Using groups from LDAP in ranger - does not work

Highlighted

Re: Using groups from LDAP in ranger - does not work

Expert Contributor

@Alexandre Carvalho

Yep. I had to setup SSSD on the machines running Ranger & hiveserver2 (used the following articles for help)

http://jhrozek.livejournal.com/3581.html
http://jhrozek.livejournal.com/3195.html

Also you need to make sure that all your group configs in Ranger are 100% accurate and correlate with your AD.
In Ranger don't forget to switch on "Enable Group Sync".

Re: Using groups from LDAP in ranger - does not work

New Contributor

Hi @Adi Jabkowsky , I am also facing the issue related to the policy on group. I have sync the users/groups from LDAP server. The ranger policy is working correct with users, but not with groups.

Re: Using groups from LDAP in ranger - does not work

Expert Contributor

Hi @Anjali Shevadkar
Please make sure
1. SSSD is configured and running.
2. The user for which group is not working DOES NOT exist in the server as a local user (check /etc/passwd)
In order to check if sssd is running run "id <username>" on the machine in which hiverserver2 is running.
You should see all of the AD groups that belong to that user, if not - then sssd is not configured correctly.

Good luck !
Adi