Member since
02-09-2015
95
Posts
8
Kudos Received
9
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
5789 | 08-23-2021 04:07 PM | |
1519 | 06-30-2021 07:34 AM | |
1830 | 06-30-2021 07:26 AM | |
14481 | 05-17-2019 10:27 PM | |
3176 | 04-08-2019 01:00 PM |
05-26-2021
04:57 AM
Hi, Below are configuration for connecting Apache Ranger with LDAP/LDAPS. There's an important tool that will help to identify some settings in your AD AD Explorer - Windows Sysinternals | Microsoft Docs This configuration will sync LDAP users and link them with their LDAP groups every 12 hour, so you later from Apache Ranger you can give permission based on LDAP groups as well. For connecting using LDAPS, make sure you have the proper certificates added in the same server that contains the Ranger's UserSync service. Configuration Name Configuration Value Comment ranger.usersync.source.impl.class org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder ranger.usersync.sleeptimeinmillisbetweensynccycle 12 hour ranger.usersync.ldap.url ldaps://myldapserver.example.com ldaps or ldap based on your LDAP security ranger.usersync.ldap.binddn myuser@example.com ranger.usersync.ldap.ldapbindpassword mypassword ranger.usersync.ldap.searchBase OU=hadoop,DC=example,DC=com you can browse your AD and check which OU you want to make Ranger sync ranger.usersync.ldap.user.searchbase OU=hadoop2,DC=example,DC=com;OU=hadoop,DC=example,DC=com you can browse your AD and check which OU you want to make Ranger sync, you can also add 2 OU and separate them with ; ranger.usersync.ldap.user.objectclass user double check the same ranger.usersync.ldap.user.searchfilter (memberOf=CN=HADOOP_ACCESS,DC=example,DC=com) if you want to filter specific users to be synced in ranger and not your entire AD ranger.usersync.ldap.user.nameattribute sAMAccountName double check the same ranger.usersync.ldap.user.groupnameattribute memberOf double check the same ranger.usersync.user.searchenabled true ranger.usersync.group.searchbase OU=hadoop,DC=example,DC=com you can browse your AD and check which OU you want to make Ranger sync ranger.usersync.group.objectclass group double check the same ranger.usersync.group.searchfilter (cn=hadoop_*) if you want to sync specific groups not all AD groups ranger.usersync.group.nameattribute cn double check the same ranger.usersync.group.memberattributename member double check the same ranger.usersync.group.search.first.enabled true ranger.usersync.truststore.file /path/to/truststore-file ranger.usersync.truststore.password TRUST_STORE_PASSWORD There's some helpful links about how to construct complex LDAP search queries Search Filter Syntax - Win32 apps | Microsoft Docs Best Regards,
... View more
03-30-2021
02:21 AM
Hi @Ninads , I am also using CDP 7.1.4 and having same error when spark connects to hbase, did you manage to identify the issue ? Best Regards,
... View more
02-26-2021
07:31 AM
Hi, can you check the mysql driver version compatibility with your mysql server version ? MySQL :: MySQL Connector/J 8.0 Developer Guide :: 2 Connector/J Versions, and the MySQL and Java Versions They Require , That particular error from your logs : com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server.
java.lang.RuntimeException: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server. Then you might need to use different version of mysql driver thats compatible with your mysql server. Best Regards,
... View more
02-26-2021
07:13 AM
Hi, can you share the Ranger logs? they should contain the exact error messages . Best Regards,
... View more
02-26-2021
07:08 AM
2 Kudos
Hi, you can check your Nifi resources, specifically the Java Heap size found in "bootstrap.conf" file and increase that, please check this for Nifi performance best practices HDF/CFM NIFI Best practices for setting up a high ... - Cloudera Community . Best Regards,
... View more
02-26-2021
07:02 AM
1 Kudo
Hi, As you previously had a version of hive in same machine and the error here is referring to hive metastore then its probably due to old config from the old hive installation "/etc/hive/conf". Best Regards,
... View more
05-26-2019
03:27 PM
hi @gabriele
ran
have you managed to make spark read the jaas file while using ooozie ?
... View more
05-17-2019
10:27 PM
also for more documentation about how we found the solution, in this tez jira ticket https://issues.apache.org/jira/browse/TEZ-3894 its mentioned that tez is getting its intermediate files permissions from "fs.permissions.umask-mode" in our dev environment it was set to 022 but 077 in prod and it was same for you as well so thats how we figured this out, also it was difficult as the file.out.index was created with the correct permission but not the file.out which was causing the result of map not readable by yarn user
... View more
05-17-2019
10:12 PM
glad to work with you and your team to get this issue fixed
... View more
05-17-2019
09:49 AM
yeah, sure will happily work with you to get this fixed
... View more