I am configuring ldap in usersync install.properties file, attached here install.txt. My user ldif file is attached here: users.txt I am not able to see any errors in usersync logs: 2018 01:34:38 INFO UnixAuthenticationService [main] - Starting User Sync Service! 20 Feb 2018 01:34:38 INFO AbstractMapper [UnixUserSyncThread] - Initializing for ranger.usersync.mapping.username.regex 20 Feb 2018 01:34:38 INFO AbstractMapper [UnixUserSyncThread] - Initializing for ranger.usersync.mapping.groupname.regex 20 Feb 2018 01:34:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder created 20 Feb 2018 01:34:38 INFO UserGroupSyncConfig [UnixUserSyncThread] - Sleep Time Between Cycle can not be lower than [3600000] millisec. resetting to min value. 20 Feb 2018 01:34:38 INFO UserGroupSync [UnixUserSyncThread] - initializing sink: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder 20 Feb 2018 01:34:39 INFO AbstractMapper [UnixUserSyncThread] - Initializing for ranger.usersync.mapping.username.regex 20 Feb 2018 01:34:39 INFO AbstractMapper [UnixUserSyncThread] - Initializing for ranger.usersync.mapping.groupname.regex 20 Feb 2018 01:34:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder created 20 Feb 2018 01:34:39 INFO UserGroupSync [UnixUserSyncThread] - initializing source: org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder 20 Feb 2018 01:34:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder initialization started 20 Feb 2018 01:34:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder initialization completed with -- ldapUrl: ldap://localhost:33389, ldapBindDn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org, ldapBindPassword: ***** , ldapAuthenticationMechanism: simple, searchBase: dc=hadoop,dc=apache,dc=org, userSearchBase: [ou=people,dc=hadoop,dc=apache,dc=org], userSearchScope: 2, userObjectClass: person, userSearchFilter: (uid=*), extendedUserSearchFilter: null, userNameAttribute: uid, userSearchAttributes: [uid, uSNChanged, modifytimestamp], userGroupNameAttributeSet: null, pagedResultsEnabled: true, pagedResultsSize: 500, groupSearchEnabled: true, groupSearchBase: [ou=groups,dc=hadoop,dc=apache,dc=org], groupSearchScope: 2, groupObjectClass: groupofnames, groupSearchFilter: (cn=*), extendedGroupSearchFilter: (&null(|(member={0})(member={1}))), extendedAllGroupsSearchFilter: null, groupMemberAttributeName: member, groupNameAttribute: cn, groupSearchAttributes: [uSNChanged, member, cn, modifytimestamp], groupUserMapSyncEnabled: true, groupSearchFirstEnabled: false, userSearchEnabled: false, ldapReferral: ignore 20 Feb 2018 01:34:39 INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group from source==>sink 20 Feb 2018 01:34:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started 20 Feb 2018 01:34:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Performing user search first 20 Feb 2018 01:34:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedUserSearchFilter = (&(objectclass=person)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z))(uid=*)) 20 Feb 2018 01:34:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getUsers() completed with user count: 0 20 Feb 2018 01:34:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedAllGroupsSearchFilter = (&(objectclass=groupofnames)(cn=*)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z))) 20 Feb 2018 01:34:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getGroups() completed with group count: 0 20 Feb 2018 01:34:39 INFO UserGroupSync [UnixUserSyncThread] - End: initial load of user/group from source==>sink 20 Feb 2018 01:34:39 INFO UserGroupSync [UnixUserSyncThread] - Done initializing user/group source and sink 20 Feb 2018 01:34:43 INFO UnixAuthenticationService [main] - Enabling Unix Auth Service! 20 Feb 2018 01:34:43 INFO UnixAuthenticationService [main] - Enabling Protocol: [SSLv2Hello] 20 Feb 2018 01:34:43 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1] 20 Feb 2018 01:34:43 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1.1] 20 Feb 2018 01:34:43 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1.2]I have configured ldap as sync_source in install.properties. I have attached the config file. Still no user or group synching in ranger ui. Please help! ... View more

I have user as 'knox' on hadoop cluster (Kerberos enabled). I am running Demo LDAP for Knox authentication. My proxy settings in core-site.xml: hadoop.proxyuser.knox.groups = users hadoop.proxyuser.knox.hosts = [myhadoopMasterNode_Hostname] Now I am trying to run curl command using username 'guest' and pwd 'guest-password' from users.ldif file. This is giving error: knox is not able to impersonate guest. Then I changed this property: hadoop.proxyuser.knox.groups=*. I am able to run curl command successfully. Please help me understand two things: 1) How this property(hadoop.proxyuser.knox.groups) setting is working> 2) Can identity-assertion property in topology file can help resolving this same issue? ... View more

I am running below command on ubuntu node where my single node hadoop cluster(kerberized) with existing Active Directory: root@host1:~# kinit -kt /etc/security/keytabs/hdfs.headless.keytab hdfs-testcluster@SRV.COM Where, hadoop_cluster_name = testcluster, Realm=SRV.COM I am trying to access hdfs with hdfs service-principal name. But I am not sure in this command what is the user-principal who is requesting this service. Is it the "kadmin Principal" which I set during configuration setting of Kerberos? ... View more

I am specifically looking for what commands on terminal I should run to create file in hdfs and get files in hdfs. ... View more