Hari Sekhon created RANGER-217:
----------------------------------
Summary: Add LDAPS support / fix incorrectly returning Bad
Credentials for connection problem
Key: RANGER-217
URL: https://issues.apache.org/jira/browse/RANGER-217
Project: Ranger
Issue Type: Bug
Affects Versions: 0.4.0
Environment: HDP 2.2
Reporter: Hari Sekhon
When configuring ranger-admin to use LDAPS it seems to not be supported or
breaks with incorrect error.
In install.properties
{code}xa_ldap_url="ldaps://host.domain.com:636"{code}
While attempting to log in to ranger admin web ui,
/var/log/ranger/admin/xa_portal.log shows: {code}2015-01-13 15:54:34,522
[http-bio-6080-exec-3] INFO com.xasecure.security.listener.SpringEventListener
(SpringEventListener.java:87) - Login Unsuccessful:hari | Ip Address:x.x.x.x |
Bad Credentials
{code} I can understand if this is because my LDAPS server uses a self-signed
cert and I need to supply a trusted CA cert but I can't see any setting for
that or find any documentation around Apache Ranger LDAPS.
That Bad Credentials error is clearly wrong because redeploying ranger-admin
using straight LDAP allows login to succeed with the same password:
{code}xa_ldap_url="ldap://host.domain.com:389"{code}
This is both insecure to only work with plain LDAP and also the error message
is wrong since it was the exact same password used on the Ranger Admin web UI
in both cases.
Regards,
Hari Sekhon
http://www.linkedin.com/in/harisekhon
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
