Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Why does hdp (3.1.0) Ambari Ranger user configs docs UI look different than actual UI (AD, LDAP, AD/LDAP)

Why does hdp (3.1.0) Ambari Ranger user configs docs UI look different than actual UI (AD, LDAP, AD/LDAP)

Rising Star

Looking at the HDP docs for using AD or LDAP for Ranger in Ambari (https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.0/configuring-ranger-authe-with-unix-ldap-ad/con...), AD and LDAP appear to be treated as separate things (ie. are two different options):

Capture.PNG

Yet, when looking at the UI in my actual HDP (3.1.0.0-78) installation, it is shown as a single option "AD/LDAP" (which to me makes more sense, since LDAP is just a protocol to communicate with AD (not much experience with AD but that is what is seems to me)). 

Capture.PNG

Can anyone with more LDAP/AD experience explain the difference? Anyone know the difference between using LDAP vs AD for Ranger integration?

1 REPLY 1
Highlighted

Re: Why does hdp (3.1.0) Ambari Ranger user configs docs UI look different than actual UI (AD, LDAP, AD/LDAP)

Expert Contributor

Hi @rvillanueva 

 

As highlighted by you both screenshots/settings highlighted for AD/LDAP within Ranger differs. Please check below -

 

  1. Ranger Authentication For WebUI :
    ranger_authentication.png
    The above screenshot describes how to configure the authentication method that determines who is allowed to login to the "Ranger web interface". So if you integrate Ranger with either LDAP/AD then users are LDAP or AD can be used to login to Ranger WebUI with respective credentials.
    The setting are configured via Ambari as below -
    Ambari Login->Services->Ranger->Configs->Advance->" Ranger Settings"
  2. Ranger Authentication for UNIX:
    ranger_authentication1.png
    The above setting configure Ranger to use Unix for user authentication. Which means user integrated from AD/LDAP can be configured within new/existing policies [within existing repositories created eg. HDFS, YARN] and access policies can be defined for those users as shown in screenshot below -
    ranger_authentication2.png
    If the AD/LDAP is not integrated for Ranger UNIX authentication the user will not be fetch/displayed in above "select user".
    This settings are configured as -

    Ambari Login->Services->Ranger->Configs->"Ranger User Info""

    Let me know if that clears the difference.
Don't have an account?
Coming from Hortonworks? Activate your account here