Hi @RedOne @EricL    Were you guys able to figure out the issue. I am also facing the exact issue.r angersyncuser is not authenticated because the login is used as the password and the password is used as the login. I tried updating the password but that also didn't help.    Can you please help.  ... View more

Hi @ryanth9893    Were you able to figure out this issue? I am also facing a similar problem.    ranger-admin.log   2021-06-16 09:13:19,417 [http-bio-6182-exec-3] INFO  org.apache.ranger.security.han dler.RangerAuthenticationProvi der (RangerAuthenticationProvider. java:148) - Authentication with SHA-256 failed. Now trying with MD5. 2021-06-16 09:13:19,418 [http-bio-6182-exec-3] INFO  org.apache.ranger.security.lis tener.SpringEventListener (SpringEventListener.java:86) - Login Unsuccessful:password123 | Ip Address:10.234.xx.xx | Bad Credentials 2021-06-16 09:13:19,419 [http-bio-6182-exec-3] DEBUG org.apache.ranger.common.db.JP ABeanCallbacks (JPABeanCallbacks.java:45) - AddedByUserId is null or 0 and hence getting it from userSession for null 2021-06-16 09:13:19,419 [http-bio-6182-exec-3] DEBUG org.apache.ranger.common.db.JP ABeanCallbacks (JPABeanCallbacks.java:62) - Security context not found for this request. Identity of originator of this change cannot be recorded 2021-06-16 09:13:19,429 [http-bio-6182-exec-3] DEBUG apache.ranger.security.web.aut hentication.RangerAuthenticati onEntryPoint (RangerAuthenticationEntryPoin t.java:82) - commence() X-Requested-With=null 2021-06-16 09:13:19,470 [http-bio-6182-exec-14] DEBUG org.apache.ranger.security.han dler.RangerAuthenticationProvi der (RangerAuthenticationProvider. java:142) - JDBC Authentication failure: org.springframework.security.a uthentication.BadCredentialsEx ception: Bad credentials         at org.springframework.security.a uthentication.dao.AbstractUser DetailsAuthenticationProvider. authenticate(AbstractUserDetai lsAuthenticationProvider.java: 151)         at org.apache.ranger.security.han dler.RangerAuthenticationProvi der.getJDBCAuthentication(Rang erAuthenticationProvider.java: 604)     Below is the RangerUserSync.log. Keep getting "Credentials response from ranger is 401." 16 Jun 2021 09:51:46  WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401. 16 Jun 2021 09:51:46  WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401. 16 Jun 2021 09:51:46  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal = 175293790and currentDeltaSyncTime = 175293790 16 Jun 2021 09:51:46  WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401. 16 Jun 2021 09:51:46  WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401. 16 Jun 2021 09:51:46  WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401   if you have figured out the issue then can you please help?    ... View more

Hi,   Below are configuration for connecting Apache Ranger with LDAP/LDAPS. There's an important tool that will help to identify some settings in your AD AD Explorer - Windows Sysinternals | Microsoft Docs  This configuration will sync LDAP users and link them with their LDAP groups every 12 hour, so you later from Apache Ranger you can give permission based on LDAP groups as well.   For connecting using LDAPS, make sure you have the proper certificates added in the same server that contains the Ranger's UserSync service.   Configuration Name Configuration Value Comment ranger.usersync.source.impl.class org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder   ranger.usersync.sleeptimeinmillisbetweensynccycle 12 hour   ranger.usersync.ldap.url ldaps://myldapserver.example.com ldaps or ldap based on your LDAP security ranger.usersync.ldap.binddn myuser@example.com   ranger.usersync.ldap.ldapbindpassword mypassword   ranger.usersync.ldap.searchBase OU=hadoop,DC=example,DC=com you can browse your AD and check which OU you want to make Ranger sync ranger.usersync.ldap.user.searchbase OU=hadoop2,DC=example,DC=com;OU=hadoop,DC=example,DC=com you can browse your AD and check which OU you want to make Ranger sync, you can also add 2 OU and separate them with ; ranger.usersync.ldap.user.objectclass user double check the same  ranger.usersync.ldap.user.searchfilter (memberOf=CN=HADOOP_ACCESS,DC=example,DC=com) if you want to filter specific users to be synced in ranger and not your entire AD ranger.usersync.ldap.user.nameattribute sAMAccountName double check the same ranger.usersync.ldap.user.groupnameattribute memberOf double check the same ranger.usersync.user.searchenabled true   ranger.usersync.group.searchbase OU=hadoop,DC=example,DC=com you can browse your AD and check which OU you want to make Ranger sync ranger.usersync.group.objectclass group double check the same ranger.usersync.group.searchfilter (cn=hadoop_*) if you want to sync specific groups not all AD groups ranger.usersync.group.nameattribute cn double check the same ranger.usersync.group.memberattributename member double check the same ranger.usersync.group.search.first.enabled true   ranger.usersync.truststore.file /path/to/truststore-file   ranger.usersync.truststore.password TRUST_STORE_PASSWORD       There's some helpful links about how to construct complex LDAP search queries Search Filter Syntax - Win32 apps | Microsoft Docs   Best Regards,  ... View more

It was most likely a crash. You could probably confirm by looking at the logs or health checks on the affected host.   Please report via support if you have a support contract. ... View more