Hi all,
I didn't want to bother the dev group but with the user group being unpopulated
I feel as though I have little choice.
We are NOT using Ambari, Cloudera or any other management tool for our Hadoop
install.
My main issues are with the usersync function and its use with LDAP as the
source. There is almost no valid documentation to accompany this software.
I run a query with the username and password using LDAPSEARCH (Unix) and get
results, but all I get with the usersync setup is the same error:
04 Feb 2025 13:21:25 ERROR o.a.r.l.p.LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder.getUsers() failed with exception:
javax.naming.CommunicationException: simple bind failed: ldapbts.eset.corp:636
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2897)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2799)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2772)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1969)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1872)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1797)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.getUsers(LdapUserGroupBuilder.java:492)
at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.updateSink(LdapUserGroupBuilder.java:384)
at org.apache.ranger.usergroupsync.UserGroupSync.syncUserGroup(UserGroupSync.java:101)
at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:56)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.SocketException: Connection or outbound has closed
at sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1181)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:448)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:421)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
... 15 common frames omitted
When I did get any results I had users but no associated group, or I had all
groups but no users for the group I was supposedly filtering. When I had users
I removed a user via the ranger-admin UI and waited a day (7.5 hours) but the
deleted user did NOT reappear via any subsequent LDAP function. I then set
delta to false and waited another day and got the same result: no returned user.
After changing the config and re-running setup I only receive the preceding
Java error.
I tried using 2.5.0 but then came across the phenomenon where no usersync
logging was occurring, which made troubleshooting anything a serious
problem... so I returned to 2.4.0.
If I omit the usersync password in the install.properties then setup fails; if
I have the password specified then it succeeds. WHY? Surely, if the password
has already been set by ranger-admin setup then it should not need to be
provided for the usersync setup.
Any clarifying information on getting this to work would help immensely.
Marc