You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ranger.apache.org by Anandha L Ranganathan <an...@gmail.com> on 2017/12/12 01:45:04 UTC
LDAP integration, the users and groups are not populating in ranger
admin tool
Hi
I am trying to integrate Ranger with LDAP. I made all the configuration and
connectivity is established wtih LDAP. I was going through the logs and I
can see syncing
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
LdapDeltaUserGroupBuilder updateSink started
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
Performing Group search first
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
extendedAllGroupsSearchFilter =
(&(objectclass=organizationalUnit)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z)))
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
cn empty for entry OU=GDUsers,DC=glassdoor,DC=local, skipping sync
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
cn empty for entry OU=Service Accounts,OU=GDUsers,DC=glassdoor,DC=local,
skipping sync
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
cn empty for entry OU=ENGINEERING,OU=GDUsers,DC=glassdoor,DC=local,
skipping sync
But I don't see this data being populated on the user tab on the ranger
admin tool. Is that I am missing something in the config ?
Thanks
Anand
Re: LDAP integration, the users and groups are not populating in
ranger admin tool
Posted by Anandha L Ranganathan <an...@gmail.com>.
David
Finally I am able to resolve the problem using this link.
https://community.hortonworks.com/content/kbentry/105623/various-options-supported-in-ranger-usersync-with.html
Sailaja,
That was good document. It has well documented with various combination
scenario.
Thanks for your help guys.
Thanks
Anand
On Tue, Jan 2, 2018 at 8:19 AM, David Quiroga <qu...@gmail.com>
wrote:
> Looking back over the thread
>
> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
> - cn empty for entry OU=ENGINEERING,OU=GDUsers,DC=glassdoor,*DC=local,
> skipping sync*
>
> DC=local,skipping sync
>
> Could you re-check your User Search Base and Group Search Base
> particularly the domain controller.
> Typically a domain like hortonworks.com becomes DC=hortonworks,DC=com
>
> On Tue, Jan 2, 2018 at 1:12 AM, Anandha L Ranganathan <
> analog.sony@gmail.com> wrote:
>
>> David,
>>
>> The role is already set to Admin. So I think we are good on this.
>>
>>
>> [image: Inline image 1]
>>
>> On Mon, Dec 18, 2017 at 7:21 PM, David Quiroga <qu...@gmail.com>
>> wrote:
>>
>>> The account that you login to the Ranger Admin UI with, is the role set
>>> to Admin? The default role is User.
>>> Role is located under the user profile.
>>>
>>> I believe only the Admin role can manage/view other users.
>>>
>>> You may need to login to Ranger as user "admin" to grant yourself
>>> permissions.
>>>
>>> -David
>>>
>>>
>>>
>>> On Mon, Dec 18, 2017 at 2:28 PM, Anandha L Ranganathan <
>>> analog.sony@gmail.com> wrote:
>>>
>>>> Thanks Sailaja for the reply.
>>>>
>>>> I followed the instruction and able to establish the connection with
>>>> LDAP and can retrieve all the groups and users. But I am unable to see user
>>>> and group information on the ranger admin.
>>>> I am not sure what other configuration I am missing? The document
>>>> provides the config information for "Ranger User Info". Is there any
>>>> config changes required on the Advanced tab ?
>>>>
>>>> Thanks in advance.
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, Dec 12, 2017 at 10:07 AM, Sailaja Polavarapu <
>>>> spolavarapu@hortonworks.com> wrote:
>>>>
>>>>> Hi Anand,
>>>>>
>>>>> Looks like some config issue. It will be more helpful to figure out
>>>>> the issue if you can share your config and/or complete usersync logs. For
>>>>> reference, you can check this post on configuration for some common use
>>>>> cases.
>>>>>
>>>>>
>>>>>
>>>>> https://community.hortonworks.com/articles/105620/configurin
>>>>> g-ranger-usersync-with-adldap-for-a-comm.html
>>>>>
>>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Sailaja.
>>>>>
>>>>>
>>>>>
>>>>> *From: *Anandha L Ranganathan <an...@gmail.com>
>>>>> *Reply-To: *"user@ranger.apache.org" <us...@ranger.apache.org>
>>>>> *Date: *Monday, December 11, 2017 at 5:45 PM
>>>>> *To: *"user@ranger.apache.org" <us...@ranger.apache.org>
>>>>> *Subject: *LDAP integration, the users and groups are not populating
>>>>> in ranger admin tool
>>>>>
>>>>>
>>>>>
>>>>> Hi
>>>>>
>>>>> I am trying to integrate Ranger with LDAP. I made all the
>>>>> configuration and connectivity is established wtih LDAP. I was going
>>>>> through the logs and I can see syncing
>>>>>
>>>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>>>> [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started
>>>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>>>> [UnixUserSyncThread] - Performing Group search first
>>>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>>>> [UnixUserSyncThread] - extendedAllGroupsSearchFilter =
>>>>> (&(objectclass=organizationalUnit)(|(uSNChanged>=0)(modifyTi
>>>>> mestamp>=19700101120000Z)))
>>>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>>>> [UnixUserSyncThread] - cn empty for entry OU=GDUsers,DC=glassdoor,DC=local,
>>>>> skipping sync
>>>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>>>> [UnixUserSyncThread] - cn empty for entry OU=Service
>>>>> Accounts,OU=GDUsers,DC=glassdoor,DC=local, skipping sync
>>>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>>>> [UnixUserSyncThread] - cn empty for entry OU=ENGINEERING,OU=GDUsers,DC=glassdoor,DC=local,
>>>>> skipping sync
>>>>>
>>>>> But I don't see this data being populated on the user tab on the
>>>>> ranger admin tool. Is that I am missing something in the config ?
>>>>>
>>>>> Thanks
>>>>>
>>>>> Anand
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>
Re: LDAP integration, the users and groups are not populating in
ranger admin tool
Posted by David Quiroga <qu...@gmail.com>.
Looking back over the thread
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
cn empty for entry OU=ENGINEERING,OU=GDUsers,DC=glassdoor,*DC=local,
skipping sync*
DC=local,skipping sync
Could you re-check your User Search Base and Group Search Base particularly
the domain controller.
Typically a domain like hortonworks.com becomes DC=hortonworks,DC=com
On Tue, Jan 2, 2018 at 1:12 AM, Anandha L Ranganathan <analog.sony@gmail.com
> wrote:
> David,
>
> The role is already set to Admin. So I think we are good on this.
>
>
> [image: Inline image 1]
>
> On Mon, Dec 18, 2017 at 7:21 PM, David Quiroga <qu...@gmail.com>
> wrote:
>
>> The account that you login to the Ranger Admin UI with, is the role set
>> to Admin? The default role is User.
>> Role is located under the user profile.
>>
>> I believe only the Admin role can manage/view other users.
>>
>> You may need to login to Ranger as user "admin" to grant yourself
>> permissions.
>>
>> -David
>>
>>
>>
>> On Mon, Dec 18, 2017 at 2:28 PM, Anandha L Ranganathan <
>> analog.sony@gmail.com> wrote:
>>
>>> Thanks Sailaja for the reply.
>>>
>>> I followed the instruction and able to establish the connection with
>>> LDAP and can retrieve all the groups and users. But I am unable to see user
>>> and group information on the ranger admin.
>>> I am not sure what other configuration I am missing? The document
>>> provides the config information for "Ranger User Info". Is there any
>>> config changes required on the Advanced tab ?
>>>
>>> Thanks in advance.
>>>
>>>
>>>
>>>
>>> On Tue, Dec 12, 2017 at 10:07 AM, Sailaja Polavarapu <
>>> spolavarapu@hortonworks.com> wrote:
>>>
>>>> Hi Anand,
>>>>
>>>> Looks like some config issue. It will be more helpful to figure out the
>>>> issue if you can share your config and/or complete usersync logs. For
>>>> reference, you can check this post on configuration for some common use
>>>> cases.
>>>>
>>>>
>>>>
>>>> https://community.hortonworks.com/articles/105620/configurin
>>>> g-ranger-usersync-with-adldap-for-a-comm.html
>>>>
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Sailaja.
>>>>
>>>>
>>>>
>>>> *From: *Anandha L Ranganathan <an...@gmail.com>
>>>> *Reply-To: *"user@ranger.apache.org" <us...@ranger.apache.org>
>>>> *Date: *Monday, December 11, 2017 at 5:45 PM
>>>> *To: *"user@ranger.apache.org" <us...@ranger.apache.org>
>>>> *Subject: *LDAP integration, the users and groups are not populating
>>>> in ranger admin tool
>>>>
>>>>
>>>>
>>>> Hi
>>>>
>>>> I am trying to integrate Ranger with LDAP. I made all the configuration
>>>> and connectivity is established wtih LDAP. I was going through the logs and
>>>> I can see syncing
>>>>
>>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>>> [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started
>>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>>> [UnixUserSyncThread] - Performing Group search first
>>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>>> [UnixUserSyncThread] - extendedAllGroupsSearchFilter =
>>>> (&(objectclass=organizationalUnit)(|(uSNChanged>=0)(modifyTi
>>>> mestamp>=19700101120000Z)))
>>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>>> [UnixUserSyncThread] - cn empty for entry OU=GDUsers,DC=glassdoor,DC=local,
>>>> skipping sync
>>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>>> [UnixUserSyncThread] - cn empty for entry OU=Service
>>>> Accounts,OU=GDUsers,DC=glassdoor,DC=local, skipping sync
>>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>>> [UnixUserSyncThread] - cn empty for entry OU=ENGINEERING,OU=GDUsers,DC=glassdoor,DC=local,
>>>> skipping sync
>>>>
>>>> But I don't see this data being populated on the user tab on the ranger
>>>> admin tool. Is that I am missing something in the config ?
>>>>
>>>> Thanks
>>>>
>>>> Anand
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>
Re: LDAP integration, the users and groups are not populating in
ranger admin tool
Posted by Anandha L Ranganathan <an...@gmail.com>.
David,
The role is already set to Admin. So I think we are good on this.
[image: Inline image 1]
On Mon, Dec 18, 2017 at 7:21 PM, David Quiroga <qu...@gmail.com>
wrote:
> The account that you login to the Ranger Admin UI with, is the role set to
> Admin? The default role is User.
> Role is located under the user profile.
>
> I believe only the Admin role can manage/view other users.
>
> You may need to login to Ranger as user "admin" to grant yourself
> permissions.
>
> -David
>
>
>
> On Mon, Dec 18, 2017 at 2:28 PM, Anandha L Ranganathan <
> analog.sony@gmail.com> wrote:
>
>> Thanks Sailaja for the reply.
>>
>> I followed the instruction and able to establish the connection with LDAP
>> and can retrieve all the groups and users. But I am unable to see user and
>> group information on the ranger admin.
>> I am not sure what other configuration I am missing? The document
>> provides the config information for "Ranger User Info". Is there any
>> config changes required on the Advanced tab ?
>>
>> Thanks in advance.
>>
>>
>>
>>
>> On Tue, Dec 12, 2017 at 10:07 AM, Sailaja Polavarapu <
>> spolavarapu@hortonworks.com> wrote:
>>
>>> Hi Anand,
>>>
>>> Looks like some config issue. It will be more helpful to figure out the
>>> issue if you can share your config and/or complete usersync logs. For
>>> reference, you can check this post on configuration for some common use
>>> cases.
>>>
>>>
>>>
>>> https://community.hortonworks.com/articles/105620/configurin
>>> g-ranger-usersync-with-adldap-for-a-comm.html
>>>
>>>
>>>
>>> Thanks,
>>>
>>> Sailaja.
>>>
>>>
>>>
>>> *From: *Anandha L Ranganathan <an...@gmail.com>
>>> *Reply-To: *"user@ranger.apache.org" <us...@ranger.apache.org>
>>> *Date: *Monday, December 11, 2017 at 5:45 PM
>>> *To: *"user@ranger.apache.org" <us...@ranger.apache.org>
>>> *Subject: *LDAP integration, the users and groups are not populating in
>>> ranger admin tool
>>>
>>>
>>>
>>> Hi
>>>
>>> I am trying to integrate Ranger with LDAP. I made all the configuration
>>> and connectivity is established wtih LDAP. I was going through the logs and
>>> I can see syncing
>>>
>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>> [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started
>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>> [UnixUserSyncThread] - Performing Group search first
>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>> [UnixUserSyncThread] - extendedAllGroupsSearchFilter =
>>> (&(objectclass=organizationalUnit)(|(uSNChanged>=0)(modifyTi
>>> mestamp>=19700101120000Z)))
>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>> [UnixUserSyncThread] - cn empty for entry OU=GDUsers,DC=glassdoor,DC=local,
>>> skipping sync
>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>> [UnixUserSyncThread] - cn empty for entry OU=Service
>>> Accounts,OU=GDUsers,DC=glassdoor,DC=local, skipping sync
>>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder
>>> [UnixUserSyncThread] - cn empty for entry OU=ENGINEERING,OU=GDUsers,DC=glassdoor,DC=local,
>>> skipping sync
>>>
>>> But I don't see this data being populated on the user tab on the ranger
>>> admin tool. Is that I am missing something in the config ?
>>>
>>> Thanks
>>>
>>> Anand
>>>
>>>
>>>
>>>
>>>
>>
>>
>
Re: LDAP integration, the users and groups are not populating in
ranger admin tool
Posted by David Quiroga <qu...@gmail.com>.
The account that you login to the Ranger Admin UI with, is the role set to
Admin? The default role is User.
Role is located under the user profile.
I believe only the Admin role can manage/view other users.
You may need to login to Ranger as user "admin" to grant yourself
permissions.
-David
On Mon, Dec 18, 2017 at 2:28 PM, Anandha L Ranganathan <
analog.sony@gmail.com> wrote:
> Thanks Sailaja for the reply.
>
> I followed the instruction and able to establish the connection with LDAP
> and can retrieve all the groups and users. But I am unable to see user and
> group information on the ranger admin.
> I am not sure what other configuration I am missing? The document
> provides the config information for "Ranger User Info". Is there any
> config changes required on the Advanced tab ?
>
> Thanks in advance.
>
>
>
>
> On Tue, Dec 12, 2017 at 10:07 AM, Sailaja Polavarapu <
> spolavarapu@hortonworks.com> wrote:
>
>> Hi Anand,
>>
>> Looks like some config issue. It will be more helpful to figure out the
>> issue if you can share your config and/or complete usersync logs. For
>> reference, you can check this post on configuration for some common use
>> cases.
>>
>>
>>
>> https://community.hortonworks.com/articles/105620/configurin
>> g-ranger-usersync-with-adldap-for-a-comm.html
>>
>>
>>
>> Thanks,
>>
>> Sailaja.
>>
>>
>>
>> *From: *Anandha L Ranganathan <an...@gmail.com>
>> *Reply-To: *"user@ranger.apache.org" <us...@ranger.apache.org>
>> *Date: *Monday, December 11, 2017 at 5:45 PM
>> *To: *"user@ranger.apache.org" <us...@ranger.apache.org>
>> *Subject: *LDAP integration, the users and groups are not populating in
>> ranger admin tool
>>
>>
>>
>> Hi
>>
>> I am trying to integrate Ranger with LDAP. I made all the configuration
>> and connectivity is established wtih LDAP. I was going through the logs and
>> I can see syncing
>>
>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
>> - LdapDeltaUserGroupBuilder updateSink started
>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
>> - Performing Group search first
>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
>> - extendedAllGroupsSearchFilter = (&(objectclass=organizationalU
>> nit)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z)))
>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
>> - cn empty for entry OU=GDUsers,DC=glassdoor,DC=local, skipping sync
>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
>> - cn empty for entry OU=Service Accounts,OU=GDUsers,DC=glassdoor,DC=local,
>> skipping sync
>> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
>> - cn empty for entry OU=ENGINEERING,OU=GDUsers,DC=glassdoor,DC=local,
>> skipping sync
>>
>> But I don't see this data being populated on the user tab on the ranger
>> admin tool. Is that I am missing something in the config ?
>>
>> Thanks
>>
>> Anand
>>
>>
>>
>>
>>
>
>
Re: LDAP integration, the users and groups are not populating in
ranger admin tool
Posted by Anandha L Ranganathan <an...@gmail.com>.
Sallaja,
I was on vacation and hence there was delay in reply. Here is answer to
your question.
1) I don't see any error in the usersync logs. The users and groups
information started syncing. But unable to see it on the UI.
02 Jan 2018 00:25:03 INFO UserGroupSync [UnixUserSyncThread] - Begin:
update user/group from source==>sink
02 Jan 2018 00:25:03 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
LdapDeltaUserGroupBuilder updateSink started
02 Jan 2018 00:25:03 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
Performing Group search first
02 Jan 2018 00:25:03 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
extendedAllGroupsSearchFilter =
(&(objectclass=organizationalUnit)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z)))
2) We don't have http enabled
3) No error on the xa_portal.log
Thanks
Anand
On Mon, Dec 18, 2017 at 1:25 PM, Sailaja Polavarapu <
spolavarapu@hortonworks.com> wrote:
> Do you see any errors in the usersync logs? Is ranger https enabled? If
> so, are the certs in place properly? Do you see any errors in xa_portal.log?
>
>
>
> *From: *Anandha L Ranganathan <an...@gmail.com>
> *Reply-To: *"user@ranger.apache.org" <us...@ranger.apache.org>
> *Date: *Monday, December 18, 2017 at 12:28 PM
> *To: *"user@ranger.apache.org" <us...@ranger.apache.org>
> *Subject: *Re: LDAP integration, the users and groups are not populating
> in ranger admin tool
>
>
>
> Thanks Sailaja for the reply.
>
>
>
> I followed the instruction and able to establish the connection with LDAP
> and can retrieve all the groups and users. But I am unable to see user and
> group information on the ranger admin.
>
> I am not sure what other configuration I am missing? The document
> provides the config information for "Ranger User Info". Is there any
> config changes required on the Advanced tab ?
>
>
>
> Thanks in advance.
>
>
>
>
>
>
>
>
>
> On Tue, Dec 12, 2017 at 10:07 AM, Sailaja Polavarapu <
> spolavarapu@hortonworks.com> wrote:
>
> Hi Anand,
>
> Looks like some config issue. It will be more helpful to figure out the
> issue if you can share your config and/or complete usersync logs. For
> reference, you can check this post on configuration for some common use
> cases.
>
>
>
> https://community.hortonworks.com/articles/105620/
> configuring-ranger-usersync-with-adldap-for-a-comm.html
>
>
>
> Thanks,
>
> Sailaja.
>
>
>
> *From: *Anandha L Ranganathan <an...@gmail.com>
> *Reply-To: *"user@ranger.apache.org" <us...@ranger.apache.org>
> *Date: *Monday, December 11, 2017 at 5:45 PM
> *To: *"user@ranger.apache.org" <us...@ranger.apache.org>
> *Subject: *LDAP integration, the users and groups are not populating in
> ranger admin tool
>
>
>
> Hi
>
> I am trying to integrate Ranger with LDAP. I made all the configuration
> and connectivity is established wtih LDAP. I was going through the logs and
> I can see syncing
>
> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
> - LdapDeltaUserGroupBuilder updateSink started
> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
> - Performing Group search first
> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
> - extendedAllGroupsSearchFilter = (&(objectclass=organizationalUnit)(|(
> uSNChanged>=0)(modifyTimestamp>=19700101120000Z)))
> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
> - cn empty for entry OU=GDUsers,DC=glassdoor,DC=local, skipping sync
> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
> - cn empty for entry OU=Service Accounts,OU=GDUsers,DC=glassdoor,DC=local,
> skipping sync
> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
> - cn empty for entry OU=ENGINEERING,OU=GDUsers,DC=glassdoor,DC=local,
> skipping sync
>
> But I don't see this data being populated on the user tab on the ranger
> admin tool. Is that I am missing something in the config ?
>
> Thanks
>
> Anand
>
>
>
>
>
>
>
Re: LDAP integration, the users and groups are not populating in
ranger admin tool
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
Do you see any errors in the usersync logs? Is ranger https enabled? If so, are the certs in place properly? Do you see any errors in xa_portal.log?
From: Anandha L Ranganathan <an...@gmail.com>
Reply-To: "user@ranger.apache.org" <us...@ranger.apache.org>
Date: Monday, December 18, 2017 at 12:28 PM
To: "user@ranger.apache.org" <us...@ranger.apache.org>
Subject: Re: LDAP integration, the users and groups are not populating in ranger admin tool
Thanks Sailaja for the reply.
I followed the instruction and able to establish the connection with LDAP and can retrieve all the groups and users. But I am unable to see user and group information on the ranger admin.
I am not sure what other configuration I am missing? The document provides the config information for "Ranger User Info". Is there any config changes required on the Advanced tab ?
Thanks in advance.
On Tue, Dec 12, 2017 at 10:07 AM, Sailaja Polavarapu <sp...@hortonworks.com>> wrote:
Hi Anand,
Looks like some config issue. It will be more helpful to figure out the issue if you can share your config and/or complete usersync logs. For reference, you can check this post on configuration for some common use cases.
https://community.hortonworks.com/articles/105620/configuring-ranger-usersync-with-adldap-for-a-comm.html
Thanks,
Sailaja.
From: Anandha L Ranganathan <an...@gmail.com>>
Reply-To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Date: Monday, December 11, 2017 at 5:45 PM
To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Subject: LDAP integration, the users and groups are not populating in ranger admin tool
Hi
I am trying to integrate Ranger with LDAP. I made all the configuration and connectivity is established wtih LDAP. I was going through the logs and I can see syncing
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Performing Group search first
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedAllGroupsSearchFilter = (&(objectclass=organizationalUnit)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z)))
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - cn empty for entry OU=GDUsers,DC=glassdoor,DC=local, skipping sync
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - cn empty for entry OU=Service Accounts,OU=GDUsers,DC=glassdoor,DC=local, skipping sync
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - cn empty for entry OU=ENGINEERING,OU=GDUsers,DC=glassdoor,DC=local, skipping sync
But I don't see this data being populated on the user tab on the ranger admin tool. Is that I am missing something in the config ?
Thanks
Anand
Re: LDAP integration, the users and groups are not populating in
ranger admin tool
Posted by Anandha L Ranganathan <an...@gmail.com>.
Thanks Sailaja for the reply.
I followed the instruction and able to establish the connection with LDAP
and can retrieve all the groups and users. But I am unable to see user and
group information on the ranger admin.
I am not sure what other configuration I am missing? The document provides
the config information for "Ranger User Info". Is there any config changes
required on the Advanced tab ?
Thanks in advance.
On Tue, Dec 12, 2017 at 10:07 AM, Sailaja Polavarapu <
spolavarapu@hortonworks.com> wrote:
> Hi Anand,
>
> Looks like some config issue. It will be more helpful to figure out the
> issue if you can share your config and/or complete usersync logs. For
> reference, you can check this post on configuration for some common use
> cases.
>
>
>
> https://community.hortonworks.com/articles/105620/
> configuring-ranger-usersync-with-adldap-for-a-comm.html
>
>
>
> Thanks,
>
> Sailaja.
>
>
>
> *From: *Anandha L Ranganathan <an...@gmail.com>
> *Reply-To: *"user@ranger.apache.org" <us...@ranger.apache.org>
> *Date: *Monday, December 11, 2017 at 5:45 PM
> *To: *"user@ranger.apache.org" <us...@ranger.apache.org>
> *Subject: *LDAP integration, the users and groups are not populating in
> ranger admin tool
>
>
>
> Hi
>
> I am trying to integrate Ranger with LDAP. I made all the configuration
> and connectivity is established wtih LDAP. I was going through the logs and
> I can see syncing
>
> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
> - LdapDeltaUserGroupBuilder updateSink started
> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
> - Performing Group search first
> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
> - extendedAllGroupsSearchFilter = (&(objectclass=organizationalUnit)(|(
> uSNChanged>=0)(modifyTimestamp>=19700101120000Z)))
> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
> - cn empty for entry OU=GDUsers,DC=glassdoor,DC=local, skipping sync
> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
> - cn empty for entry OU=Service Accounts,OU=GDUsers,DC=glassdoor,DC=local,
> skipping sync
> 12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread]
> - cn empty for entry OU=ENGINEERING,OU=GDUsers,DC=glassdoor,DC=local,
> skipping sync
>
> But I don't see this data being populated on the user tab on the ranger
> admin tool. Is that I am missing something in the config ?
>
> Thanks
>
> Anand
>
>
>
>
>
Re: LDAP integration, the users and groups are not populating in
ranger admin tool
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
Hi Anand,
Looks like some config issue. It will be more helpful to figure out the issue if you can share your config and/or complete usersync logs. For reference, you can check this post on configuration for some common use cases.
https://community.hortonworks.com/articles/105620/configuring-ranger-usersync-with-adldap-for-a-comm.html
Thanks,
Sailaja.
From: Anandha L Ranganathan <an...@gmail.com>
Reply-To: "user@ranger.apache.org" <us...@ranger.apache.org>
Date: Monday, December 11, 2017 at 5:45 PM
To: "user@ranger.apache.org" <us...@ranger.apache.org>
Subject: LDAP integration, the users and groups are not populating in ranger admin tool
Hi
I am trying to integrate Ranger with LDAP. I made all the configuration and connectivity is established wtih LDAP. I was going through the logs and I can see syncing
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Performing Group search first
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedAllGroupsSearchFilter = (&(objectclass=organizationalUnit)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z)))
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - cn empty for entry OU=GDUsers,DC=glassdoor,DC=local, skipping sync
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - cn empty for entry OU=Service Accounts,OU=GDUsers,DC=glassdoor,DC=local, skipping sync
12 Dec 2017 00:19:50 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - cn empty for entry OU=ENGINEERING,OU=GDUsers,DC=glassdoor,DC=local, skipping sync
But I don't see this data being populated on the user tab on the ranger admin tool. Is that I am missing something in the config ?
Thanks
Anand