Created 02-29-2016 09:10 AM
Summary: Our LDAP SSL cert is a signed certificate.
29 Feb 2016 09:08:06 ERROR PasswordValidator [Thread-43] - Response [FAILED: unable to validate due to error javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake] for user: null
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
    at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:283)
    at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:325)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:177)
    at java.io.InputStreamReader.read(InputStreamReader.java:184)
    at java.io.BufferedReader.fill(BufferedReader.java:154)
    at java.io.BufferedReader.readLine(BufferedReader.java:317)
    at java.io.BufferedReader.readLine(BufferedReader.java:382)
    at com.xasecure.authentication.PasswordValidator.run(PasswordValidator.java:58)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:482)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
    ... 12 more
29 Feb 2016 09:09:06 ERROR PasswordValidator [Thread-44] - Response [FAILED: unable to validate due to error javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake] for user: null
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
    at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:283)
    at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:325)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:177)
    at java.io.InputStreamReader.read(InputStreamReader.java:184)
    at java.io.BufferedReader.fill(BufferedReader.java:154)
    at java.io.BufferedReader.readLine(BufferedReader.java:317)
    at java.io.BufferedReader.readLine(BufferedReader.java:382)
    at com.xasecure.authentication.PasswordValidator.run(PasswordValidator.java:58)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:482)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
    ... 12 more
Created 02-29-2016 09:48 AM
Ambari is doing a service check to ensure that the UserSync process is up and running and it can be safely ignored.
Created 02-29-2016 10:49 AM
@Neeraj Sabharwal, thanks for your reply. I've run it on the Ambari UI and it works fine. But how can I add LDAP users/groups to Ranger? It seems I can't add them. If there are some docs links, could you share them with me? Thanks.
We want to use Ranger to harden Hadoop.
Notes: HDP 2.2 Ranger 0.4
Created 02-29-2016 10:55 AM
Created 03-01-2016 01:44 AM
@Neeraj Sabharwal Ambari version 2.0.1
Created 03-01-2016 01:51 AM
This can save you a lot of time: https://github.com/abajwa-hw/security-workshops
The above guide is very helpful for learning security setup.
You asked for the official doc: https://cwiki.apache.org/confluence/display/RANGER/Configure+Ranger+UserSync+for+LDAP
Created 03-02-2016 08:56 AM
@henryon wen Could you help me to close this thread by accepting the answer?
Created 03-02-2016 06:43 AM
Thanks.
BTW, I encountered another issue when syncing LDAP users/groups.
Can you help with this? Thanks.
The error messages:
02 Mar 2016 06:38:09 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization completed with -- ldapUrl: ldaps://52.17.129.212:636, ldapBindDn: cn=admin,dc=abc,dc=com, ldapBindPassword: ***** , ldapAuthenticationMechanism: simple, userSearchBase: ou=people,dc=abc,dc=com, userSearchScope: 2, userObjectClass: person, userSearchFilter: -, extendedSearchFilter: (&(objectclass=person)(-)), userNameAttribute: uid, userSearchAttributes: [uid, memberof]
02 Mar 2016 06:38:09 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 300000 milliseconds. Error details: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'ou=people,dc=abc,dc=com'
    at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:330)
    at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146)
    at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:741)
    at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
    at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
    at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:547)
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
    at com.xasecure.ldapusersync.process.LdapUserGroupBuilder.updateSink(LdapUserGroupBuilder.java:195)
    at com.xasecure.usergroupsync.UserGroupSync.run(UserGroupSync.java:59)
    at java.lang.Thread.run(Thread.java:745)
Created 03-02-2016 09:00 AM
@henryon wen Please open this as a new question.
Created 03-02-2016 09:25 AM
@Neeraj Sabharwal I've fixed it myself by setting SYNC_LDAP_USER_SEARCH_FILTER to "uid=*".
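An added example, not part of the original thread and not Ranger's own code: a pre-deployment check for the InvalidSearchFilterException above. It composes the extended filter the way the INFO log line shows it (the function names are hypothetical) and applies a simplified RFC 4515 syntax check, so a placeholder value such as - is caught before UserSync starts.

```python
import re

# Leaf item: attribute, an operator (=, ~=, >=, <=), then a value with no raw
# parentheses. Extensible-match items (attr:rule:=value) are out of scope here.
_ITEM = re.compile(r"^[A-Za-z][A-Za-z0-9;.-]*(=|~=|>=|<=)[^()]*$")

def build_extended_filter(object_class, user_filter):
    """Compose the filter as seen in the thread's log (assumed format):
    userObjectClass=person, userSearchFilter=X -> (&(objectclass=person)(X))."""
    return "(&(objectclass=%s)(%s))" % (object_class, user_filter)

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return the index after it."""
    if i >= len(s) or s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if i < len(s) and s[i] in "&|":
        i += 1
        count = 0
        while i < len(s) and s[i] == "(":
            i = _parse(s, i)
            count += 1
        if count == 0:
            raise ValueError("empty filter list")
    elif i < len(s) and s[i] == "!":
        i = _parse(s, i + 1)
    else:
        end = s.find(")", i)
        if end == -1:
            raise ValueError("unbalanced parentheses")
        item = s[i:end]
        if not _ITEM.match(item):
            raise ValueError("Missing 'equals' in item %r" % item)
        i = end
    if i >= len(s) or s[i] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return i + 1

def check_filter(flt):
    """Return None if the filter is well-formed, else the reason it is not."""
    try:
        if _parse(flt, 0) != len(flt):
            return "trailing characters after filter"
    except ValueError as exc:
        return str(exc)
    return None
```

A syntactically valid filter can still match more entries than intended; "uid=*" selects every entry under the search base that has a uid attribute and the configured object class.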