Member since
05-25-2018
77
Posts
2
Kudos Received
0
Solutions
09-29-2021
11:34 PM
If you are using the Java truststore it does not have any file extension name like (jks or pem). So it does not require any extension. You need to make sure that it is having the right set of permission to access the truststore.
... View more
07-27-2018
05:53 PM
@Jay Kumar SenSharma will it work for postgres too? thanks
... View more
02-19-2018
05:15 PM
Thank you very much, Harald, for addressing my questions Regards JJ
... View more
02-17-2018
09:16 PM
1 Kudo
@Jacqualin jasmin By Default spark will take care of renewing kerberos ticket when it is about to expire. So you need not make any changes.
... View more
10-31-2017
05:52 PM
@Jacqualin jasmin Couple of things I noticed from the description: 1. ldaptool currently doesn't support ldaps 2. binddn used by ldaptool should be the distinguished name (generally the whole dn like cn=admin,ou=users,dc=example,dc=com) 3. In the ldapsearch that you posted, I don't see the "-D" (bindn) option in which case you are using anonymous bind. If this is not what you want to use, can you try the following ldapsearch command: >> ldapsearch -h free-ipa-dev-01.uat.txdc.datastax.com -x -D "<full dn of bind user>"-b "dc=txdc,dc=datastax,dc=com" -W enter password of binddn user when prompted. 4. ldaptool doesn't support anonymous bind Hope this helps. Thanks Sailaja.
... View more
09-21-2017
05:05 PM
Thank Sonu, it helps me alot . keep up this spirit
... View more
09-29-2017
07:15 PM
Hi @Jacqualin jasmin You have to use the API or the configs.sh helper command: /var/lib/ambari-server/resources/scripts/configs.sh
-port 8080 set localhost <CLUSTER_NAME> ranger-env ranger_admin_log_dir
"/var/log/hdp/ranger/admin" /var/lib/ambari-server/resources/scripts/configs.sh
-port 8080 set localhost <CLUSTER_NAME> ranger-env ranger_usersync_log_dir
"/var/log/hdp/ranger/usersync" /var/lib/ambari-server/resources/scripts/configs.sh
-port 8080 set localhost <CLUSTER_NAME> ranger-env ranger.tagsync.logdir
"/var/log/hdp/ranger/tagsync"
... View more
05-02-2017
06:08 PM
Hi @Jacqualin jasmin - looking at the /etc/passwd in my lab, I see a mixture of service logins with ids of around 500 and others are over 1000. Hive specifically is less than 1000. I also looked at a larger secured production cluster, and all the service logins were over 1000. Looks like you have several options: (1) set min.user.id=500, but not sure this is advisable from security perspective, (2) create new accounts over 1000 and use those to launch your jobs, (3) white list the user somehow (not entirely sure how to do that), or (4) update the service accounts with higher numbers.
... View more
03-09-2017
08:06 AM
@Jacqualin jasmin Are you looking out for the 'ranger' database table 'x_portal_user' As per : https://cwiki.apache.org/confluence/display/RANGER/Ranger+0.5.0+Database+Schema This table contains user profile and credentials of Ranger Admin users.
It also contains users synced from external sources but credentials are
not stored and password field contains garbage value. Important
attributes of this table are login_id, password, email, status and
user_src. 'user_src' field value ‘0’ represents internal user while ‘1’
represents external user. External users are users synced from external
sources i.e (UNIX / LDAP / AD). .
... View more
02-07-2017
11:10 PM
Hi Pierre, Could able to find the issue with 1) from beeline , if we connect just with < !connect jdbc:hive2:// > it just prompts for user name / password. Now policy is not working 2) if we connect with complete string like : !connect jdbc:hive2://<hiveserver2>:10000/default test2 test2 , now the policy is enforced
... View more