Created on - last edited on by
ask_bill_brooks
Looking at the HDP docs for using AD or LDAP for Ranger in Ambari (https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.0/configuring-ranger-authe-with-unix-ldap-ad/con...), AD and LDAP appear to be treated as separate things (ie. are two different options):
Yet, when looking at the UI in my actual HDP (3.1.0.0-78) installation, it is shown as a single option "AD/LDAP" (which to me makes more sense, since LDAP is just a protocol to communicate with AD (not much experience with AD but that is what is seems to me)).
Can anyone with more LDAP/AD experience explain the difference? Anyone know the difference between using LDAP vs AD for Ranger integration?
Hi @rvillanueva
As highlighted by you both screenshots/settings highlighted for AD/LDAP within Ranger differs. Please check below -
- Ranger Authentication For WebUI :
The above screenshot describes how to configure the authentication method that determines who is allowed to login to the "Ranger web interface". So if you integrate Ranger with either LDAP/AD then users are LDAP or AD can be used to login to Ranger WebUI with respective credentials.
The setting are configured via Ambari as below -
Ambari Login->Services->Ranger->Configs->Advance->" Ranger Settings" - Ranger Authentication for UNIX:
The above setting configure Ranger to use Unix for user authentication. Which means user integrated from AD/LDAP can be configured within new/existing policies [within existing repositories created eg. HDFS, YARN] and access policies can be defined for those users as shown in screenshot below -
If the AD/LDAP is not integrated for Ranger UNIX authentication the user will not be fetch/displayed in above "select user".
This settings are configured as -
Ambari Login->Services->Ranger->Configs->"Ranger User Info""
Let me know if that clears the difference.
