Created 12-07-2015 05:39 PM
07 Dec 2015 11:33:12 INFO UserGroupSync [UnixUserSyncThread] - initializing sink: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder 07 Dec 2015 11:33:13 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder created 07 Dec 2015 11:33:13 INFO UserGroupSync [UnixUserSyncThread] - initializing source: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder 07 Dec 2015 11:33:13 INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group from source==>sink 07 Dec 2015 11:33:13 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder updateSink started 07 Dec 2015 11:33:13 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization started 07 Dec 2015 11:33:13 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 30000 milliseconds. Error details: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903CF, comment: AcceptSecurityContext error, data 52e, v2580^@] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) at javax.naming.InitialContext.init(InitialContext.java:244) at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.createLdapContext(LdapUserGroupBuilder.java:149) at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.updateSink(LdapUserGroupBuilder.java:262) at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58) at java.lang.Thread.run(Thread.java:745)
Created 12-07-2015 05:44 PM
Mike,
This error usually occurs if the bind credentials (bind dn and/or bind password) are incorrect. Can you please verify those?
Created 12-07-2015 05:42 PM
@Mike Li please check the credentials and ldap configs
Created 12-07-2015 06:50 PM
https://confluence.atlassian.com/display/CONFKB/User+directory+sync+fails+with+LDAP+Error+Code+49
52e = invalid credentials
LDAP: error code 49-80090308:LdapErr: DSID-0C0903CF, comment:AcceptSecurityContext error, data 52e,
Created 12-07-2015 07:03 PM
Thanks all for providing possible reasons and solutions. I verified the user and password, they are correct. The only thing I can think of now is that whether from SysAdmin/Unix side, they need doing something, like to grant these users/goups to access the boxes??
Created 12-07-2015 07:09 PM
Yes..thats true. Look into sssd or nslcd.
Are you able to access LDAP broweser using LDAP credentials?
Created 12-08-2015 08:42 PM
Yes. I can use LDAP browser\Editor using the same credential.
Created 12-09-2015 04:14 PM
Neeraj,
You are right the password got messed up. After correcting it, it starts to sync users/groups with AD.
Mike
Created 12-09-2015 04:16 PM
@Mike Li Did it help to resolve the issue? Thanks for confirming and updating the thread.
Created 12-07-2015 05:44 PM
Mike,
This error usually occurs if the bind credentials (bind dn and/or bind password) are incorrect. Can you please verify those?
Created 12-08-2015 08:41 PM
But I am sure my user and credentials are right, since I can use the credential in LDAP browser.