Mugdha, thanks for clarifying.
Loïc, anonymous bind is generally not recommended due to security issues. Is it possible for you create a lookup/bind user? Thanks Bosco From: Mugdha Varadkar <[email protected]> Reply-To: <[email protected]> Date: Friday, March 17, 2017 at 5:12 AM To: <[email protected]> Cc: <[email protected]> Subject: Re: UserSync with anonymous bind Hi, Anonymous bind is just a property available on Ambari UI to toggle "Bind User Password" property. The property is not persisted in any xml config files. Ranger doesn't support LDAP sync with Anonymous bind DN. The property was added in Ambari-2.2.0 to recommend the same LDAP instance used by Ambari using Anonymous bind LDAP server. In Ambari-2.5.0 with stack 2.6, Anonymous bind property won't be available. Here is the Apache jira: https://issues.apache.org/jira/browse/AMBARI-19437 Thanks, Mugdha Varadkar On Fri, Mar 17, 2017 at 5:23 AM, Don Bosco Durai <[email protected]> wrote: Copy’ing Ambari mailing list also. Mugdha or Gautam who worked on the Ambari stack for Ranger should be able to give more insights. Bosco From: Loïc Chanel <[email protected]> Reply-To: <[email protected]> Date: Thursday, March 16, 2017 at 7:51 AM To: <[email protected]> Subject: UserSync with anonymous bind Hi fellow Ranger users, As I was working on user synchronization from a LDAP with anonymous bind to populate Ranger, I met the same issue as I did almost two years ago : even if I provide Ambari with the property "Anonymous bind", the property is ignored and either Ambari complains that I didn't provided Ranger with a password for LDAP bind, or Ranger UserSync doesn't work because of bad credentials when binding the LDAP. Even more mysterious is the fact that the property cannot be found in the XML properties files. At the time I first needed this, I used a manual setting I described in that documentation ( https://cwiki.apache.org/confluence/display/RANGER/Configure+Ranger+UserSync+for+LDAP ) but as the configuration changed (I'm using Ranger 0.5.0 with Ambari 2.2.2.0) it doesn't work anymore. Did someone met the same issue ? Is there a workaround/patch ? Thanks for your help, Loïc Loïc CHANEL System Big Data engineer MS&T - WASABI - Worldline (Villeurbanne, France)
