Community Articles

Find and share helpful community-sourced technical articles.
Celebrating as our community reaches 100,000 members! Thank you!
Labels (1)

Short Description:

This article includes manual steps to be performed, if a cluster is setup with Hdfs, Ranger and Ranger KMS services and Ranger service is syncing users from LDAP/AD and Hadoop group mapping is configured using SSSD. Steps provided will help Ranger KMS service to resolve groups with spaces or no name as same as in Hadoop.


To resolve groups with spaces or no name, Ranger KMS process should have access to hadoop native library path for using JniBasedUnixGroupsMapping class.

Steps for Ambari 2.6.x version:

  1. Create a sh file in Ranger KMS conf directory which will specify -Djava.library.path.
    vim /usr/hdp/current/ranger-kms/conf/
  2. Add below content and save file.
    export JAVA_OPTS=" ${JAVA_OPTS} -Djava.library.path=${JAVA_LIBRARY_PATH}:/usr/hdp/current/hadoop-client/lib/native  "
  3. Update the ownership of with the user which is used to start Ranger KMS process. (default user is kms)
    chown kms:kms /usr/hdp/current/ranger-kms/conf/
  4. Restart Ranger KMS service from Ambari.

Steps for Ambari 3.0.x version:

  1. Directly specify -Djava.library.path in Configs section of Ranger KMS from Ambari.
    Go to Ranger KMS > Configs > Advanced section > Advanced kms-env section > kms-env template, add below line
    export JAVA_OPTS=" ${JAVA_OPTS} -Djava.library.path=${JAVA_LIBRARY_PATH}:/usr/hdp/current/hadoop-client/lib/native  "
  2. After saving the configs from Ambari, restart Ranger KMS service.
0 Kudos
Version history
Last update:
‎08-16-2018 12:21 PM
Updated by: