[ https://issues.apache.org/jira/browse/RANGER-4022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17767509#comment-17767509 ]
Bhavik Patel commented on RANGER-4022: -------------------------------------- Is this resolved? If no can you check "rangerusersync" user is present in the Ranger Admin or not? > Facing Ranger AD sync issue > --------------------------- > > Key: RANGER-4022 > URL: https://issues.apache.org/jira/browse/RANGER-4022 > Project: Ranger > Issue Type: Task > Components: usersync > Affects Versions: 2.0.0 > Reporter: Ajay > Priority: Major > > Hi Team, > > I am working on creating Open_source KAFKA/RANGER/AMBARI cluster , however > everything has been setup but facing error while RANGER_AD sync. So Ranger > admin and Ranger usersync are getting started via Ambari however with below > errors it is getting failed. I am at a point where i am not able to find > where the issue is at , any help will be appreciate able. > > Below is the error snap. > > Note:- this is a sample user taken from Ldap > {code:java} > 13 Dec 2022 18:19:42 INFO UnixAuthenticationService [main] - Starting User > Sync Service! > 13 Dec 2022 18:19:43 INFO AbstractMapper [UnixUserSyncThread] - Initializing > for ranger.usersync.mapping.username.regex > 13 Dec 2022 18:19:43 INFO AbstractMapper [UnixUserSyncThread] - Initializing > for ranger.usersync.mapping.groupname.regex > 13 Dec 2022 18:19:43 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - > LdapDeltaUserGroupBuilder created > 13 Dec 2022 18:19:43 INFO UserGroupSyncConfig [UnixUserSyncThread] - Sleep > Time Between Cycle can not be lower than [3600000] millisec. resetting to min > value. > 13 Dec 2022 18:19:43 INFO UserGroupSync [UnixUserSyncThread] - initializing > sink: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder > 13 Dec 2022 18:19:44 DEBUG Tracer [UnixUserSyncThread] - sampler.classes = ; > loaded no samplers > 13 Dec 2022 18:19:44 DEBUG Tracer [UnixUserSyncThread] - > span.receiver.classes = ; loaded no span receivers > 13 Dec 2022 18:19:45 INFO AbstractMapper [UnixUserSyncThread] - Initializing > for ranger.usersync.mapping.username.regex > 13 Dec 2022 18:19:45 INFO AbstractMapper [UnixUserSyncThread] - Initializing > for ranger.usersync.mapping.groupname.regex > 13 Dec 2022 18:19:45 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - > LdapDeltaUserGroupBuilder created > 13 Dec 2022 18:19:45 INFO UserGroupSync [UnixUserSyncThread] - initializing > source: org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder > 13 Dec 2022 18:19:45 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - > LdapDeltaUserGroupBuilder initialization started > 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - > LdapDeltaUserGroupBuilder initialization completed with -- ldapUrl: > ldap://ldap-aws-us-east.mstarext.com:389, ldapBindDn: > CN=aws_hadoop_prd_ad_user,OU=Service Accounts,OU=Hadoop,OU=CORESVC_Core > Services,OU=Servers and Services,DC=mstarext,DC=com, ldapBindPassword: ***** > , ldapAuthenticationMechanism: simple, searchBase: DC=mstarext,DC=com, > userSearchBase: [dc=mstarext,dc=com], userSearchScope: 2, userObjectClass: > user, userSearchFilter: (&(objectClass=person)(objectClass=user)), > extendedUserSearchFilter: null, userNameAttribute: sAMAccountName, > userSearchAttributes: [uSNChanged, sAMAccountName, modifytimestamp], > userGroupNameAttributeSet: null, pagedResultsEnabled: true, > pagedResultsSize: 500, groupSearchEnabled: true, groupSearchBase: > [DC=mstarext,DC=com], groupSearchScope: 2, groupObjectClass: group, > groupSearchFilter: (objectClass=group), extendedGroupSearchFilter: > (&null(|(member={0})(member={1}))), extendedAllGroupsSearchFilter: null, > groupMemberAttributeName: member, groupNameAttribute: sAMAccountName, > groupSearchAttributes: [uSNChanged, sAMAccountName, member, modifytimestamp], > groupUserMapSyncEnabled: true, groupSearchFirstEnabled: false, > userSearchEnabled: false, ldapReferral: follow > 13 Dec 2022 18:19:46 INFO UserGroupSync [UnixUserSyncThread] - Begin: > initial load of user/group from source==>sink > 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - > LdapDeltaUserGroupBuilder updateSink started > 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - > Performing user search first > 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - > extendedUserSearchFilter = > (&(objectclass=user)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z))(&(objectClass=person)(objectClass=user))) > 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - > uSNChangedVal = 77639505and currentDeltaSyncTime = 77639505 > 13 Dec 2022 18:19:46 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - INFO: addPMAccount(MSPRDDCAWSE02$) > 13 Dec 2022 18:19:46 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - ==> LdapPolicyMgrUserGroupBuilder.getMUser() > 13 Dec 2022 18:19:46 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - ==> LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity() > 13 Dec 2022 18:19:46 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - ==> LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred() > 13 Dec 2022 18:19:47 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - USER GROUP > MAPPING{"loginId":"MSPRDDCAWSE02$","firstName":"MSPRDDCAWSE02$","lastName":"MSPRDDCAWSE02$","userRoleList":[null]} > 13 Dec 2022 18:19:47 INFO UnixAuthenticationService [main] - Enabling Unix > Auth Service! > 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Disabling > Protocol: [TLSv1.3] > 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Enabling > Protocol: [TLSv1.2] > 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Enabling > Protocol: [TLSv1.1] > 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Enabling > Protocol: [TLSv1] > 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Enabling > Protocol: [SSLv2Hello] > 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - <== LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred() > 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - <== LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity() > 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - RESPONSE[<!doctype html><html lang="en"><head><title>HTTP Status 403 – > Forbidden</title><style type="text/css">H1 > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} > H2 > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} > H3 > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} > BODY > {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P > {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A > {color : black;}A.name {color : black;}HR {color : > #525D76;}</style></head><body><h1>HTTP Status 403 – Forbidden</h1><hr > class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> > GSSException: No valid credentials provided (Mechanism level: Failed to find > any Kerberos credentails)</p><p><b>Description</b> The server understood the > request but refuses to authorize it.</p><hr class="line" /><h3>Apache > Tomcat/7.0.94</h3></body></html>] > 13 Dec 2022 18:19:58 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - Failed to add User : > com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: > Expected BEGIN_OBJECT but was STRING at line 1 column 1 > at > com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:176) > at com.google.gson.Gson.fromJson(Gson.java:803) > at com.google.gson.Gson.fromJson(Gson.java:768) > at com.google.gson.Gson.fromJson(Gson.java:717) > at com.google.gson.Gson.fromJson(Gson.java:689) > at > org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.getMUser(LdapPolicyMgrUserGroupBuilder.java:844) > at > org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.access$600(LdapPolicyMgrUserGroupBuilder.java:71) > at > org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$7.run(LdapPolicyMgrUserGroupBuilder.java:808) > at > org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$7.run(LdapPolicyMgrUserGroupBuilder.java:804) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:360) > at > org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addMUser(LdapPolicyMgrUserGroupBuilder.java:804) > at > org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addOrUpdateUser(LdapPolicyMgrUserGroupBuilder.java:292) > at > org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.getUsers(LdapDeltaUserGroupBuilder.java:525) > at > org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.updateSink(LdapDeltaUserGroupBuilder.java:335) > at > org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58) > at java.lang.Thread.run(Thread.java:750) > Caused by: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was > STRING at line 1 column 1 > at com.google.gson.stream.JsonReader.beginObject(JsonReader.java:374) > at > com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:165) > ... 16 more > 13 Dec 2022 18:19:58 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - Failed to add portal user > 13 Dec 2022 18:19:58 ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] - > sink.addOrUpdateUser failed with exception: Failed to add portal user, for > user: MSPRDDCAWSE02$ > 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - ==> LdapPolicyMgrUserGroupBuilder.addUserGroupInfo MSPRDDCAWSE02$ and groups > 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - INFO: addPMXAUser(MSPRDDCAWSE02$) > 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - ==> LdapPolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret) > 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - USER GROUP > MAPPING{"xuserInfo":{"name":"MSPRDDCAWSE02$","description":"MSPRDDCAWSE02$ - > add from Unix box","groupNameList":[],"userRoleList":[]},"xgroupInfo":[]} > 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - ==> LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity() > 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - ==> LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred() > 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - USER GROUP > MAPPING{"xuserInfo":{"name":"MSPRDDCAWSE02$","description":"MSPRDDCAWSE02$ - > add from Unix box","groupNameList":[],"userRoleList":[]},"xgroupInfo":[]} > 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - <== LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred() > 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - <== LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity() > 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - RESPONSE: [<!doctype html><html lang="en"><head><title>HTTP Status 403 – > Forbidden</title><style type="text/css">H1 > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} > H2 > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} > H3 > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} > BODY > {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P > {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A > {color : black;}A.name {color : black;}HR {color : > #525D76;}</style></head><body><h1>HTTP Status 403 – Forbidden</h1><hr > class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> > GSSException: No valid credentials provided (Mechanism level: Failed to find > any Kerberos credentails)</p><p><b>Description</b> The server understood the > request but refuses to authorize it.</p><hr class="line" /><h3>Apache > Tomcat/7.0.94</h3></body></html>] > 13 Dec 2022 18:19:58 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - Failed to add User Group Info : > com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: > Expected BEGIN_OBJECT but was STRING at line 1 column 1 > at > com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:176) > at com.google.gson.Gson.fromJson(Gson.java:803) > at com.google.gson.Gson.fromJson(Gson.java:768) > at com.google.gson.Gson.fromJson(Gson.java:717) > at com.google.gson.Gson.fromJson(Gson.java:689) > at > org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.getUsergroupInfo(LdapPolicyMgrUserGroupBuilder.java:424) > at > org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.access$200(LdapPolicyMgrUserGroupBuilder.java:71) > at > org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$2.run(LdapPolicyMgrUserGroupBuilder.java:337) > at > org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$2.run(LdapPolicyMgrUserGroupBuilder.java:333) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:360) > at > org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addUserGroupInfo(LdapPolicyMgrUserGroupBuilder.java:333) > at > org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addOrUpdateUser(LdapPolicyMgrUserGroupBuilder.java:178) > at > org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.getUsers(LdapDeltaUserGroupBuilder.java:557) > at > org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.updateSink(LdapDeltaUserGroupBuilder.java:335) > at > org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58) > at java.lang.Thread.run(Thread.java:750) > Caused by: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was > STRING at line 1 column 1 > at com.google.gson.stream.JsonReader.beginObject(JsonReader.java:374) > at > com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:165) > ... 16 more > 13 Dec 2022 18:19:58 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] > - Failed to add addorUpdate user group info > 13 Dec 2022 18:19:58 ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] - > sink.addOrUpdateUserGroups failed with exception: Failed to add addorUpdate > user group info, for user: MSPRDDCAWSE02$ and groups: [] > 13 Dec 2022 18:19:58 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - > Updating user count: 1, userName: MSPRDDCAWSE02$ > 13 Dec 2022 18:19:58 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - > uSNChangedVal = 78055074and currentDeltaSyncTime = 78055074 > {code} > ** -- This message was sent by Atlassian Jira (v8.20.10#820010)