Posted to dev@ranger.apache.org by "Hari Sekhon (JIRA)" <ji...@apache.org> on 2015/01/13 17:06:34 UTC

[jira] [Created] (RANGER-217) Add LDAPS support / fix incorrectly returning Bad Credentials for connection problem

Hari Sekhon created RANGER-217:
----------------------------------

             Summary: Add LDAPS support / fix incorrectly returning Bad Credentials for connection problem
                 Key: RANGER-217
                 URL: https://issues.apache.org/jira/browse/RANGER-217
             Project: Ranger
          Issue Type: Bug
    Affects Versions: 0.4.0
         Environment: HDP 2.2
            Reporter: Hari Sekhon


When configuring ranger-admin to use LDAPS, it seems to not be supported or breaks with an incorrect error.

In install.properties
{code}xa_ldap_url="ldaps://host.domain.com:636"{code}
While attempting to log in to the Ranger Admin web UI, /var/log/ranger/admin/xa_portal.log shows:
{code}2015-01-13 15:54:34,522 [http-bio-6080-exec-3] INFO  com.xasecure.security.listener.SpringEventListener (SpringEventListener.java:87) - Login Unsuccessful:hari | Ip Address:x.x.x.x | Bad Credentials
{code}
I can understand if this is because my LDAPS server uses a self-signed cert and I need to supply a trusted CA cert, but I can't see any setting for that or find any documentation around Apache Ranger LDAPS.

That Bad Credentials error is clearly wrong because redeploying ranger-admin using straight LDAP allows login to succeed with the same password:
{code}xa_ldap_url="ldap://host.domain.com:389"{code}
It is insecure to only work with plain LDAP, and the error message is also wrong, since the exact same password was used on the Ranger Admin web UI in both cases.

Regards,

Hari Sekhon
http://www.linkedin.com/in/harisekhon



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
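
Added example (not part of the original report and not Ranger code): one way for a Java login path to keep an LDAPS transport or certificate failure from being logged as "Bad Credentials". It assumes the LDAP client is JNDI, which the report does not state; the class name, the Kind enum and the sample exceptions are constructed for illustration.

```java
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;

public class LdapLoginFailure {
    enum Kind { BAD_CREDENTIALS, TLS_FAILURE, CONNECTION_FAILURE, OTHER }

    // Inspect the whole cause chain so a TLS or transport problem is never
    // reported to the user or the audit log as a wrong password.
    static Kind classify(Throwable error) {
        boolean tls = false, comm = false, auth = false;
        int depth = 0; // bound the walk in case of a cyclic cause chain
        for (Throwable t = error; t != null && depth < 16; t = t.getCause(), depth++) {
            if (t instanceof SSLException) tls = true; // checked first: it is an IOException
            else if (t instanceof CommunicationException
                    || t instanceof java.io.IOException) comm = true;
            else if (t instanceof AuthenticationException) auth = true;
        }
        if (tls) return Kind.TLS_FAILURE;          // e.g. untrusted self-signed certificate
        if (comm) return Kind.CONNECTION_FAILURE;  // e.g. wrong port, host unreachable
        if (auth) return Kind.BAD_CREDENTIALS;     // server rejected the bind (LDAP code 49)
        return Kind.OTHER;
    }

    public static void main(String[] args) {
        // Constructed samples shaped like JNDI errors; not captured from Ranger.
        NamingException untrustedCert =
            new CommunicationException("simple bind failed: host.domain.com:636");
        untrustedCert.setRootCause(
            new SSLHandshakeException("PKIX path building failed"));

        NamingException refused = new CommunicationException("host.domain.com:636");
        refused.setRootCause(new java.net.ConnectException("Connection refused"));

        NamingException wrongPassword =
            new AuthenticationException("[LDAP: error code 49 - Invalid Credentials]");

        // Hypothetical wrapper of the kind a web framework might add.
        RuntimeException wrapped = new RuntimeException("login failed", untrustedCert);

        System.out.println("untrusted cert : " + classify(untrustedCert));
        System.out.println("conn refused   : " + classify(refused));
        System.out.println("wrong password : " + classify(wrongPassword));
        System.out.println("wrapped        : " + classify(wrapped));
    }
}
```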