[
https://issues.apache.org/jira/browse/RANGER-4022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17767509#comment-17767509
]
Bhavik Patel commented on RANGER-4022:
--------------------------------------
Is this resolved? If no can you check "rangerusersync" user is present in the
Ranger Admin or not?
> Facing Ranger AD sync issue
> ---------------------------
>
> Key: RANGER-4022
> URL: https://issues.apache.org/jira/browse/RANGER-4022
> Project: Ranger
> Issue Type: Task
> Components: usersync
> Affects Versions: 2.0.0
> Reporter: Ajay
> Priority: Major
>
> Hi Team,
>
> I am working on creating Open_source KAFKA/RANGER/AMBARI cluster , however
> everything has been setup but facing error while RANGER_AD sync. So Ranger
> admin and Ranger usersync are getting started via Ambari however with below
> errors it is getting failed. I am at a point where i am not able to find
> where the issue is at , any help will be appreciate able.
>
> Below is the error snap.
>
> Note:- this is a sample user taken from Ldap
> {code:java}
> 13 Dec 2022 18:19:42 INFO UnixAuthenticationService [main] - Starting User
> Sync Service!
> 13 Dec 2022 18:19:43 INFO AbstractMapper [UnixUserSyncThread] - Initializing
> for ranger.usersync.mapping.username.regex
> 13 Dec 2022 18:19:43 INFO AbstractMapper [UnixUserSyncThread] - Initializing
> for ranger.usersync.mapping.groupname.regex
> 13 Dec 2022 18:19:43 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> LdapDeltaUserGroupBuilder created
> 13 Dec 2022 18:19:43 INFO UserGroupSyncConfig [UnixUserSyncThread] - Sleep
> Time Between Cycle can not be lower than [3600000] millisec. resetting to min
> value.
> 13 Dec 2022 18:19:43 INFO UserGroupSync [UnixUserSyncThread] - initializing
> sink: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder
> 13 Dec 2022 18:19:44 DEBUG Tracer [UnixUserSyncThread] - sampler.classes = ;
> loaded no samplers
> 13 Dec 2022 18:19:44 DEBUG Tracer [UnixUserSyncThread] -
> span.receiver.classes = ; loaded no span receivers
> 13 Dec 2022 18:19:45 INFO AbstractMapper [UnixUserSyncThread] - Initializing
> for ranger.usersync.mapping.username.regex
> 13 Dec 2022 18:19:45 INFO AbstractMapper [UnixUserSyncThread] - Initializing
> for ranger.usersync.mapping.groupname.regex
> 13 Dec 2022 18:19:45 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> LdapDeltaUserGroupBuilder created
> 13 Dec 2022 18:19:45 INFO UserGroupSync [UnixUserSyncThread] - initializing
> source: org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder
> 13 Dec 2022 18:19:45 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> LdapDeltaUserGroupBuilder initialization started
> 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> LdapDeltaUserGroupBuilder initialization completed with -- ldapUrl:
> ldap://ldap-aws-us-east.mstarext.com:389, ldapBindDn:
> CN=aws_hadoop_prd_ad_user,OU=Service Accounts,OU=Hadoop,OU=CORESVC_Core
> Services,OU=Servers and Services,DC=mstarext,DC=com, ldapBindPassword: *****
> , ldapAuthenticationMechanism: simple, searchBase: DC=mstarext,DC=com,
> userSearchBase: [dc=mstarext,dc=com], userSearchScope: 2, userObjectClass:
> user, userSearchFilter: (&(objectClass=person)(objectClass=user)),
> extendedUserSearchFilter: null, userNameAttribute: sAMAccountName,
> userSearchAttributes: [uSNChanged, sAMAccountName, modifytimestamp],
> userGroupNameAttributeSet: null, pagedResultsEnabled: true,
> pagedResultsSize: 500, groupSearchEnabled: true, groupSearchBase:
> [DC=mstarext,DC=com], groupSearchScope: 2, groupObjectClass: group,
> groupSearchFilter: (objectClass=group), extendedGroupSearchFilter:
> (&null(|(member={0})(member={1}))), extendedAllGroupsSearchFilter: null,
> groupMemberAttributeName: member, groupNameAttribute: sAMAccountName,
> groupSearchAttributes: [uSNChanged, sAMAccountName, member, modifytimestamp],
> groupUserMapSyncEnabled: true, groupSearchFirstEnabled: false,
> userSearchEnabled: false, ldapReferral: follow
> 13 Dec 2022 18:19:46 INFO UserGroupSync [UnixUserSyncThread] - Begin:
> initial load of user/group from source==>sink
> 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> LdapDeltaUserGroupBuilder updateSink started
> 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> Performing user search first
> 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> extendedUserSearchFilter =
> (&(objectclass=user)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z))(&(objectClass=person)(objectClass=user)))
> 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> uSNChangedVal = 77639505and currentDeltaSyncTime = 77639505
> 13 Dec 2022 18:19:46 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - INFO: addPMAccount(MSPRDDCAWSE02$)
> 13 Dec 2022 18:19:46 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - ==> LdapPolicyMgrUserGroupBuilder.getMUser()
> 13 Dec 2022 18:19:46 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - ==> LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
> 13 Dec 2022 18:19:46 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - ==> LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()
> 13 Dec 2022 18:19:47 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - USER GROUP
> MAPPING{"loginId":"MSPRDDCAWSE02$","firstName":"MSPRDDCAWSE02$","lastName":"MSPRDDCAWSE02$","userRoleList":[null]}
> 13 Dec 2022 18:19:47 INFO UnixAuthenticationService [main] - Enabling Unix
> Auth Service!
> 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Disabling
> Protocol: [TLSv1.3]
> 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Enabling
> Protocol: [TLSv1.2]
> 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Enabling
> Protocol: [TLSv1.1]
> 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Enabling
> Protocol: [TLSv1]
> 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Enabling
> Protocol: [SSLv2Hello]
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - <== LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - <== LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - RESPONSE[<!doctype html><html lang="en"><head><title>HTTP Status 403 –
> Forbidden</title><style type="text/css">H1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> H2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> H3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> BODY
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
> {color : black;}A.name {color : black;}HR {color :
> #525D76;}</style></head><body><h1>HTTP Status 403 – Forbidden</h1><hr
> class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b>
> GSSException: No valid credentials provided (Mechanism level: Failed to find
> any Kerberos credentails)</p><p><b>Description</b> The server understood the
> request but refuses to authorize it.</p><hr class="line" /><h3>Apache
> Tomcat/7.0.94</h3></body></html>]
> 13 Dec 2022 18:19:58 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - Failed to add User :
> com.google.gson.JsonSyntaxException: java.lang.IllegalStateException:
> Expected BEGIN_OBJECT but was STRING at line 1 column 1
> at
> com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:176)
> at com.google.gson.Gson.fromJson(Gson.java:803)
> at com.google.gson.Gson.fromJson(Gson.java:768)
> at com.google.gson.Gson.fromJson(Gson.java:717)
> at com.google.gson.Gson.fromJson(Gson.java:689)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.getMUser(LdapPolicyMgrUserGroupBuilder.java:844)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.access$600(LdapPolicyMgrUserGroupBuilder.java:71)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$7.run(LdapPolicyMgrUserGroupBuilder.java:808)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$7.run(LdapPolicyMgrUserGroupBuilder.java:804)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:360)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addMUser(LdapPolicyMgrUserGroupBuilder.java:804)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addOrUpdateUser(LdapPolicyMgrUserGroupBuilder.java:292)
> at
> org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.getUsers(LdapDeltaUserGroupBuilder.java:525)
> at
> org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.updateSink(LdapDeltaUserGroupBuilder.java:335)
> at
> org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
> at java.lang.Thread.run(Thread.java:750)
> Caused by: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was
> STRING at line 1 column 1
> at com.google.gson.stream.JsonReader.beginObject(JsonReader.java:374)
> at
> com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:165)
> ... 16 more
> 13 Dec 2022 18:19:58 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - Failed to add portal user
> 13 Dec 2022 18:19:58 ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> sink.addOrUpdateUser failed with exception: Failed to add portal user, for
> user: MSPRDDCAWSE02$
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - ==> LdapPolicyMgrUserGroupBuilder.addUserGroupInfo MSPRDDCAWSE02$ and groups
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - INFO: addPMXAUser(MSPRDDCAWSE02$)
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - ==> LdapPolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret)
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - USER GROUP
> MAPPING{"xuserInfo":{"name":"MSPRDDCAWSE02$","description":"MSPRDDCAWSE02$ -
> add from Unix box","groupNameList":[],"userRoleList":[]},"xgroupInfo":[]}
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - ==> LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - ==> LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - USER GROUP
> MAPPING{"xuserInfo":{"name":"MSPRDDCAWSE02$","description":"MSPRDDCAWSE02$ -
> add from Unix box","groupNameList":[],"userRoleList":[]},"xgroupInfo":[]}
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - <== LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - <== LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - RESPONSE: [<!doctype html><html lang="en"><head><title>HTTP Status 403 –
> Forbidden</title><style type="text/css">H1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> H2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> H3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> BODY
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
> {color : black;}A.name {color : black;}HR {color :
> #525D76;}</style></head><body><h1>HTTP Status 403 – Forbidden</h1><hr
> class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b>
> GSSException: No valid credentials provided (Mechanism level: Failed to find
> any Kerberos credentails)</p><p><b>Description</b> The server understood the
> request but refuses to authorize it.</p><hr class="line" /><h3>Apache
> Tomcat/7.0.94</h3></body></html>]
> 13 Dec 2022 18:19:58 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - Failed to add User Group Info :
> com.google.gson.JsonSyntaxException: java.lang.IllegalStateException:
> Expected BEGIN_OBJECT but was STRING at line 1 column 1
> at
> com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:176)
> at com.google.gson.Gson.fromJson(Gson.java:803)
> at com.google.gson.Gson.fromJson(Gson.java:768)
> at com.google.gson.Gson.fromJson(Gson.java:717)
> at com.google.gson.Gson.fromJson(Gson.java:689)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.getUsergroupInfo(LdapPolicyMgrUserGroupBuilder.java:424)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.access$200(LdapPolicyMgrUserGroupBuilder.java:71)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$2.run(LdapPolicyMgrUserGroupBuilder.java:337)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$2.run(LdapPolicyMgrUserGroupBuilder.java:333)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:360)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addUserGroupInfo(LdapPolicyMgrUserGroupBuilder.java:333)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addOrUpdateUser(LdapPolicyMgrUserGroupBuilder.java:178)
> at
> org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.getUsers(LdapDeltaUserGroupBuilder.java:557)
> at
> org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.updateSink(LdapDeltaUserGroupBuilder.java:335)
> at
> org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
> at java.lang.Thread.run(Thread.java:750)
> Caused by: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was
> STRING at line 1 column 1
> at com.google.gson.stream.JsonReader.beginObject(JsonReader.java:374)
> at
> com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:165)
> ... 16 more
> 13 Dec 2022 18:19:58 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - Failed to add addorUpdate user group info
> 13 Dec 2022 18:19:58 ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> sink.addOrUpdateUserGroups failed with exception: Failed to add addorUpdate
> user group info, for user: MSPRDDCAWSE02$ and groups: []
> 13 Dec 2022 18:19:58 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> Updating user count: 1, userName: MSPRDDCAWSE02$
> 13 Dec 2022 18:19:58 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> uSNChangedVal = 78055074and currentDeltaSyncTime = 78055074
> {code}
> **
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
