Member since
09-10-2015
261
Posts
85
Kudos Received
43
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
3184 | 11-15-2018 10:21 PM | |
1372 | 09-05-2018 09:03 PM | |
2538 | 03-19-2018 09:15 PM | |
2104 | 03-16-2018 08:40 PM | |
1078 | 02-09-2018 05:25 PM |
06-14-2021
08:13 AM
A bit late to the party, but hope the following will help. By calling the main functions of the classes, UnixUserGroupBuilder, PolicyMgrUserGroupBuilder or LdapUserGroupBuilder is not going to work, since the main classes of these are only initializing the classes. In order to start the actual sync, the function updateSink needs to be called. During startup this is handled by the class org.apache.ranger.usergroupsync.UserGroupSync thus, calling its main function will trigger the syncing using the configuration that you set in your cluster. A complete example for triggering the usersync manually could be: java -Dlogdir=/var/log/ranger/usersync -cp "/usr/hdp/current/ranger-usersync/dist/unixusersync-1.2.0.3.1.5.135-2.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.usergroupsync.UserGroupSync for HDP and java -Dlogdir=/var/log/ranger/usersync -cp "/opt/cloudera/parcels/CDH/lib/ranger-usersync/dist/unixusersync-2.1.7.1.7.0-460.jar:/opt/cloudera/parcels/CDH/lib/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.usergroupsync.UserGroupSync for CDP.
... View more
09-20-2019
06:28 AM
I found the Ranger KMS Admin Guide for HDP 2.4.0, hopefully this is what you are looking for.
... View more
01-15-2019
01:21 PM
You are right. I just not carefully was reading documentation, not admin user can't view policy.
... View more
05-12-2019
06:11 PM
1 Kudo
Remove entry from ranger db and restart ranger admin process to resolve this. # select * from x_db_version_h where version = 'J10001';
# delete from x_db_version_h where version = 'J10001'; This is usually seen during fresh install. After installation during first start of ranger admin process, ambari start applying patches and if this operation is aborted due to any reason, you may see this error when you restart ranger admin process.
... View more
02-27-2018
03:19 PM
2 Kudos
Prakash Punj Audit source from HDFS is not supported at Ranger end. However, you can store audits in HDFS through plugins. so if you want to get audits on ranger UI, you need to change the audit source to solr and store the audits to solr.
... View more
02-01-2018
04:17 PM
Can you check you hadoop.kms.authentication.kerberos.name.rules settings from kms-site.xml? Try "DEFAULT" if you have a customized setting that is invalid. You mentioned that the kms principle is changed. Can you also post your hadoop.kms.authentication.kerberos.principal and hadoop.security.auth_to_local settings from core-site.xml?
... View more
11-17-2017
07:32 AM
I found the solution. Issue is fixed now. In my case, one of LDAP username is 'dvteam' but in LDAP database there was full description of username as 'architecture dev team, locations, team details, etc'. Error messages I found in nifi-user.log. is 'architecture dev team' user was trying to authenticate with nifi nodes. Authentication was successful but authorizations not happening. The username which I've mentioned in initial admin identity was 'dvteam'.(cn=dvteam,ou=xx,ou=xx,ou=xx,ou=xx,dc=abc,dc=com) Then as per logs, I changed it to (cn=architecture dev team,ou=xx,ou=xx,ou=xx,ou=xx,dc=abc,dc=com) Also there was some mismatch about host names in node identities section. 'hostname -f' shows a hostname ip-zz-xx-ec2-internal. So, I have given 'ip-zz-xx-ec2-internal' in node identities section but that was not working. Then I have changed the hostnames to 'nifi1.abc.local' and mentioned in node identities. In 'Template for login-identity-providers.xml' I've made some changes. Earlier I had set 'use_username' in '<property name="Identity Strategy">USE_DN</property>' this section. later I've changed to use_dn. because as per nifi-user log authentication is happening with LDAP user 'architecture dev team'. So in my case user_username was not working for authentications. Every configurations changes I used to remove authorizations.xml and users.xml file from my all nifi nodes. Also There was confusion on about 'OU' in Node identities section. What does it mean OU in node identities section? I don't know yet. Later I've mentioned 'OU=nifi' and also gave host names as 'nifi1.abc.local' , 'nifi2.abc.local', etc. I have added AD/LDAP user in Initial Admin Identity(cn=architecture dev team,ou=xx,ou=xx,ou=xx,ou=xx,dc=abc,dc=com) After setting above all, I was facing an error about setting nifi.security.identity.mapping.pattern.dn. There was a challenge about the pattern definition. There was 4 'ou' I have defined in initial admin identities and login-identity-providers.xml. So I've used below pattern and it worked well. ^cn=(.?),ou=(.?),ou=(.?),ou=(.?),ou=(.?),dc=(.?),dc=(.?)$ Note: I have removed Ranger completely. Thanks, Suraj
... View more
10-10-2017
06:13 PM
@vperiasamy I was experiencing a similar issue with my Atlas UI after this 'ABORTED' upgrade, and I did happen to try a different type of browser, and issue was resolved. I tried with Ranger as well, and it's indeed a browser issue. Thanks.
... View more
09-11-2017
04:52 PM
1 Kudo
Read/Write permissions are applicable only for S3 URL. See https://issues.apache.org/jira/browse/RANGER-1513 @Ramesh Mani can provide further clarification.
... View more