Support Questions
Find answers, ask questions, and share your expertise

Using groups from LDAP in ranger - does not work

Highlighted

Re: Using groups from LDAP in ranger - does not work

Expert Contributor

@Alexandre Carvalho

Yep. I had to setup SSSD on the machines running Ranger & hiveserver2 (used the following articles for help)

http://jhrozek.livejournal.com/3581.html
http://jhrozek.livejournal.com/3195.html

Also you need to make sure that all your group configs in Ranger are 100% accurate and correlate with your AD.
In Ranger don't forget to switch on "Enable Group Sync".

Re: Using groups from LDAP in ranger - does not work

Hi @Adi Jabkowsky , I am also facing the issue related to the policy on group. I have sync the users/groups from LDAP server. The ranger policy is working correct with users, but not with groups.

Highlighted

Re: Using groups from LDAP in ranger - does not work

Expert Contributor

Hi @Anjali Shevadkar
Please make sure
1. SSSD is configured and running.
2. The user for which group is not working DOES NOT exist in the server as a local user (check /etc/passwd)
In order to check if sssd is running run "id <username>" on the machine in which hiverserver2 is running.
You should see all of the AD groups that belong to that user, if not - then sssd is not configured correctly.

Good luck !
Adi

Highlighted

Re: Using groups from LDAP in ranger - does not work

New Contributor

Please check if the group name in your AD is lowercase. I have had the same issue and the problem was that 

Highlighted

Re: Using groups from LDAP in ranger - does not work

Explorer

And what to do, if not? I tried to check lowercase option in Ranger, but no lock. Btw, my usr exists on server. Why is this a problem? Could @DOMAIN be the problem after the groups using th id command? Or it doesn't matter.