ychenma
Explorer

Re: Hive user cannot read from HDFS on "load data ...

by Explorer in Support Questions
‎12-06-2018 07:07 PM
‎12-06-2018 07:07 PM
Same here with HDP 2.6. The datafolder is owned by HDFS:HDFS. Ranger granted full access to user Hive. And yet when creating external table user hive is denied access. ... View more

Re: Ranger group policy not being applied to the u...

by Explorer in Support Questions
‎11-08-2018 05:42 PM
‎11-08-2018 05:42 PM
My mistake. Got it working. Look like my problem is on the privilege selection. I only checked 'select' and 'read'. That obviously not enough for the user to select and the error message shows simply the user does not have select * privilege. ... View more

Re: Ranger - Hive Policies does not work with LDAP...

by Explorer in Support Questions
‎11-08-2018 05:13 PM
‎11-08-2018 05:13 PM
Same here. ... View more

Re: Ranger group policy not being applied to the u...

by Explorer in Support Questions
‎11-08-2018 04:37 PM
‎11-08-2018 04:37 PM
Followed the instruction exactly. Core-site.xml is configured using LDAP. Even hdfs groups [user] returns the correct group. But the policy defined (allow the group to select a table in a database) for the group without specify specific user name denies access from members of the group unless I add the individual user to the policy. The users/group shows correctly the users belong to the group. ... View more

Re: cloudbreak 2.7.1 crashing

by Explorer in Support Questions
‎09-27-2018 02:40 PM
‎09-27-2018 02:40 PM
Exactly same problem here. I actually follows the instruction here. I tried multiple times. ... View more

Re: Ranger sync fetched LDAP users but not showing...

by Explorer in Support Questions
‎05-22-2018 09:10 PM
‎05-22-2018 09:10 PM
Finally figured out: Ranger is looking for attribute uid. My users all have cn rather than uid and therefore it did retrieve the users and groups from LDAP but not inserted in the database. As far as group goes when there is no user with uid attributes in the group the group is fetched but not saved to ranger. ... View more

Re: Ranger sync fetched LDAP users but not showing...

by Explorer in Support Questions
‎05-22-2018 06:34 PM
‎05-22-2018 06:34 PM
Yes. That tool works fine and returns the same result as the log file. ... View more

Re: Ranger sync fetched LDAP users but not showing...

by Explorer in Support Questions
‎05-22-2018 06:34 PM
‎05-22-2018 06:34 PM
Yes. It was set to 'false' ... View more

Re: Ranger sync fetched LDAP users but not showing...

by Explorer in Support Questions
‎05-22-2018 06:10 PM
‎05-22-2018 06:10 PM
Yes. The mock run is set to 'false'. The ldap tool returned perfect result. All users and group are retrieved using the tool. Applying the same properties and I retrieved all shown in the log but not in the database as I logged into mySQL and queried the x_user table and x_group table. ... View more

Re: Ranger sync fetched LDAP users but not showing...

by Explorer in Support Questions
‎05-22-2018 04:50 PM
‎05-22-2018 04:50 PM
Further debugging information shows it is adding users and group to the database. But why it just did not show in the console? 22 May 2018 16:32:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getGroups() completed with group count: 1 22 May 2018 16:32:46 DEBUG LdapDeltaUserGroupBuilder [UnixUserSyncThread] - addOrUpdateGroup(): group = students users = [cn=andrew,ou=sds,dc=air,dc=org, cn=ranger,ou=sds,dc=air,dc=org] 22 May 2018 16:32:46 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - addOrUpdateGroup for students with users: [cn=andrew,ou=sds,dc=air,dc=org, cn=ranger,ou=sds,dc=air,dc=org] 22 May 2018 16:32:46 DEBUG AbstractJavaKeyStoreProvider [UnixUserSyncThread] - backing jks path initialized to file:/usr/hdp/current/ranger-usersync/conf/ugsync.jceks 22 May 2018 16:32:47 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - RESPONSE for /service/xusers/groupusers/groupName/students: [{"createDate":null,"updateDate":null}] 22 May 2018 16:32:47 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - addUsers = [cn=andrew,ou=sds,dc=air,dc=org, cn=ranger,ou=sds,dc=air,dc=org] 22 May 2018 16:32:47 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==> LdapPolicyMgrUserGroupBuilder.delXGroupUserInfo students and [] 22 May 2018 16:32:47 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==> LdapPolicyMgrUserGroupBuilder.addGroupUserInfo students and [cn=andrew,ou=sds,dc=air,dc=org, cn=ranger,ou=sds,dc=air,dc=org] 22 May 2018 16:32:47 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - INFO: addPMXAGroup(students) 22 May 2018 16:32:47 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - INFO: addPMXAGroupToUser(students,cn=andrew,ou=sds,dc=air,dc=org) 22 May 2018 16:32:47 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - INFO: addPMXAGroupToUser(students,cn=ranger,ou=sds,dc=air,dc=org) 22 May 2018 16:32:47 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - GROUP USER MAPPING{"xgroupInfo":{"name":"students","description":"students - add from Unix box","groupType":"1","groupSource":"1"},"xuserInfo":[{"name":"cn\u003dandrew,ou\u003dsds,dc\u003dair,dc\u003dorg","description":"cn\u003dandrew,ou\u003dsds,dc\u003dair,dc\u003dorg - add from Unix box","groupNameList":[],"userRoleList":[]},{"name":"cn\u003dranger,ou\u003dsds,dc\u003dair,dc\u003dorg","description":"cn\u003dranger,ou\u003dsds,dc\u003dair,dc\u003dorg - add from Unix box","groupNameList":[],"userRoleList":[]}]} 22 May 2018 16:32:47 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - RESPONSE: [{"createDate":null,"updateDate":null,"xuserInfo":[]}] 22 May 2018 16:32:47 INFO UserGroupSync [UnixUserSyncThread] - End: initial load of user/group from source==>sink ... View more

Ranger sync fetched LDAP users but not showing in ...

by Explorer in Support Questions
‎05-22-2018 04:15 PM
‎05-22-2018 04:15 PM
Ranger user sync seems to have fetched the users and groups from ApacheAD LDAP as shown in the log. But the users not showing in Ranger UI. Please help. I have tried both user filter (cn=*) and empty with no difference. 22 May 2018 14:57:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder initialization completed with -- ldapUrl: ldap://54.197.148.18:10389, ldapBindDn: cn=ranger,ou=sds,dc=air,dc=org, ldapBindPassword: ***** , ldapAuthenticationMechanism: simple, searchBase: dc=air,dc=org, userSearchBase: [ou=sds,dc=air,dc=org], userSearchScope: 2, userObjectClass: person, userSearchFilter: (cn=*), extendedUserSearchFilter: null, userNameAttribute: cn, userSearchAttributes: [uSNChanged, cn, modifytimestamp], userGroupNameAttributeSet: null, pagedResultsEnabled: true, pagedResultsSize: 500, groupSearchEnabled: true, groupSearchBase: [ou=sds,dc=air,dc=org], groupSearchScope: 2, groupObjectClass: groupOfUniqueNames, groupSearchFilter: , extendedGroupSearchFilter: (&null(|(uniqueMember={0})(uniqueMember={1}))), extendedAllGroupsSearchFilter: null, groupMemberAttributeName: uniqueMember, groupNameAttribute: cn, groupSearchAttributes: [uSNChanged, cn, uniqueMember, modifytimestamp], groupUserMapSyncEnabled: true, groupSearchFirstEnabled: false, userSearchEnabled: false, ldapReferral: ignore 22 May 2018 14:57:04 INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group from source==>sink 22 May 2018 14:57:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started 22 May 2018 14:57:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Performing user search first 22 May 2018 14:57:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedUserSearchFilter = (&(objectclass=person)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z))(cn=*)) 22 May 2018 14:57:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getUsers() completed with user count: 0 22 May 2018 14:57:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedAllGroupsSearchFilter = (&(objectclass=groupOfUniqueNames)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z))) 22 May 2018 14:57:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - timeStampVal = 20180518183001.391Zand currentDeltaSyncTime = 1526668201000 22 May 2018 14:57:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - longUserName: cn=ranger,ou=sds,dc=air,dc=org, userName: ranger 22 May 2018 14:57:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - longUserName: cn=andrew,ou=sds,dc=air,dc=org, userName: andrew 22 May 2018 14:57:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - No. of members in the group students = 2 22 May 2018 14:57:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getGroups() completed with group count: 1 22 May 2018 14:57:05 INFO UserGroupSync [UnixUserSyncThread] - End: initial load of user/group from source==>sink 22 May 2018 14:57:05 INFO UserGroupSync [UnixUserSyncThread] - Done initializing user/group source and sink 22 May 2018 14:57:09 INFO UnixAuthenticationService [main] - Enabling Unix Auth Service! 22 May 2018 14:57:09 INFO UnixAuthenticationService [main] - Enabling Protocol: [SSLv2Hello] 22 May 2018 14:57:09 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1] 22 May 2018 14:57:09 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1.1] 22 May 2018 14:57:09 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1.2] ... View more
Labels:

Re: KNOX SSO ambari login redirect Issue

by Explorer in Support Questions
‎04-26-2018 07:58 PM
‎04-26-2018 07:58 PM
Any conclusion? I tried everything mentioned in this thread and nothing works. ... View more
Contact Me
Online
Offline
Last Visited
‎01-03-2019 07:27 PM
Public Statistics
Date Registered ‎04-26-2018 07:55 PM
Last Visited ‎01-03-2019 07:27 PM
Total Messages Posted 13