ranger usersync connect to ldap failed

Rising Star

Summary: Our LDAP SSL crt is a signed certificate.

29 Feb 2016 09:08:06 ERROR PasswordValidator [Thread-43] - Response [FAILED: unable to validate due to error javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake] for user: null
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:283)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:325)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:177)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:154)
at java.io.BufferedReader.readLine(BufferedReader.java:317)
at java.io.BufferedReader.readLine(BufferedReader.java:382)
at com.xasecure.authentication.PasswordValidator.run(PasswordValidator.java:58)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
... 12 more
29 Feb 2016 09:09:06 ERROR PasswordValidator [Thread-44] - Response [FAILED: unable to validate due to error javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake] for user: null
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:283)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:325)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:177)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:154)
at java.io.BufferedReader.readLine(BufferedReader.java:317)
at java.io.BufferedReader.readLine(BufferedReader.java:382)
at com.xasecure.authentication.PasswordValidator.run(PasswordValidator.java:58)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
... 12 more
Accepted Solutions

Re: ranger usersync connect to ldap failed

@henryon wen

Ambari is doing a service check to ensure that the UserSync process is up and running and it can be safely ignored.

Re: ranger usersync connect to ldap failed

Rising Star

@Neeraj Sabharwal, thanks for your reply. I've run it on the Ambari UI and it works fine. But how can I add LDAP users/groups to Ranger? It seems I can't add them. If there is a docs link, could you share it with me? Thanks.

We want to use Ranger to harden Hadoop.

Notes: HDP 2.2 Ranger 0.4

Re: ranger usersync connect to ldap failed

Rising Star

@Neeraj Sabharwal Ambari version 2.0.1

Re: ranger usersync connect to ldap failed

@henryon wen

This can save you a lot of time: https://github.com/abajwa-hw/security-workshops

The above guide is very helpful for learning security setup.

You asked for the official doc: https://cwiki.apache.org/confluence/display/RANGER/Configure+Ranger+UserSync+for+LDAP

Re: ranger usersync connect to ldap failed

@henryon wen Could you help me to close this thread by accepting the answer?

Re: ranger usersync connect to ldap failed

Rising Star

@Neeraj Sabharwal

Thanks.

BTW, I encountered another issue when syncing LDAP users/groups.

Can you help on this? Thanks.

The error messages:

02 Mar 2016 06:38:09  INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization completed with --  ldapUrl: ldaps://52.17.129.212:636,  ldapBindDn: cn=admin,dc=abc,dc=com,  ldapBindPassword: ***** ,  ldapAuthenticationMechanism: simple,  userSearchBase: ou=people,dc=abc,dc=com,  userSearchScope: 2,  userObjectClass: person,  userSearchFilter: -,  extendedSearchFilter: (&(objectclass=person)(-)),  userNameAttribute: uid,  userSearchAttributes: [uid, memberof]
02 Mar 2016 06:38:09 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 300000 milliseconds. Error details:
javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'ou=people,dc=abc,dc=com'
at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:330)
at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146)
at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:741)
at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:547)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at com.xasecure.ldapusersync.process.LdapUserGroupBuilder.updateSink(LdapUserGroupBuilder.java:195)
at com.xasecure.usergroupsync.UserGroupSync.run(UserGroupSync.java:59)
at java.lang.Thread.run(Thread.java:745)

Re: ranger usersync connect to ldap failed

@henryon wen Please open this as a new question.

Re: ranger usersync connect to ldap failed

Rising Star

@Neeraj Sabharwal I've fixed it myself by setting SYNC_LDAP_USER_SEARCH_FILTER to "uid=*".
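
Added example, not part of the original thread and not Ranger's own code: a pre-flight check for the usersync search filter that rebuilds the extended filter in the shape the log above shows, (&(objectclass=person)(-)), and reports why the "-" value is rejected while "uid=*" passes. The function names are hypothetical, the way the filter is composed is inferred from that log line, and the grammar is a simplified subset of RFC 4515 (no extensible match, no numeric-OID attribute names).

```python
import re

# Attribute name followed by a filter operator (=, ~=, >=, <=); simplified RFC 4515.
_ITEM = re.compile(r"^[A-Za-z][A-Za-z0-9.;-]*(=|~=|>=|<=)")

def compose_extended_filter(object_class, user_filter):
    """Assumed composition, mirroring the log: (&(objectclass=X)(FILTER))."""
    return "(&(objectclass=%s)(%s))" % (object_class, user_filter)

def _parse(s, i):
    """Parse one parenthesised filter at s[i]; return the index just past it."""
    if i >= len(s) or s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, count = s[i], i + 1, 0
        while i < len(s) and s[i] == "(":
            i = _parse(s, i)
            count += 1
        if count == 0 or (op == "!" and count != 1):
            raise ValueError("operator '%s' has wrong number of operands" % op)
    else:
        end = s.find(")", i)
        if end == -1:
            raise ValueError("unbalanced parentheses")
        item = s[i:end]
        # A simple filter item must look like attr<op>value, e.g. uid=*
        if "(" in item or not _ITEM.match(item):
            raise ValueError("missing 'equals' in simple filter %r" % item)
        i = end
    if i >= len(s) or s[i] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return i + 1

def check_filter(s):
    """Return None if s is a well-formed filter, else a description of the problem."""
    try:
        if _parse(s, 0) != len(s):
            return "trailing characters after filter"
    except ValueError as e:
        return str(e)
    return None

if __name__ == "__main__":
    for value in ("-", "uid=*"):  # the failing and the fixed setting from the thread
        full = compose_extended_filter("person", value)
        print(value, "->", full, "->", check_filter(full) or "OK")
```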