Re: usersync and Ranger UI Login

Can you also check what is the value assigned to “ranger.ldap.ad.base.dn”? And is the user logging in using sAMAccountName? From: Jon Morisi mailto:jon.mor...@hsc.utah.edu>> Reply-To: "user@ranger.apache.org" mailto:user@ranger.apache.org>> Date: Wednesday, April 1

Re: usersync and Ranger UI Login

UI Login ranger.ldap.ad.base.dn is my domain, for example DC=example,DC=com I do have openLDAP installed and am able to verify that I am using the sAMAccountName via ldapsearch. From: Sailaja Polavarapu [mailto:spolavar...@hortonworks.com] Sent: Wednesday, April 19, 2017 4:33 PM To: user@ranger.ap

Re: usersync and Ranger UI Login

i Sent: Wednesday, April 19, 2017 4:55 PM To: user@ranger.apache.org<mailto:user@ranger.apache.org> Subject: RE: usersync and Ranger UI Login Sorry typo / misspoke. What I meant was ldap-utils. I am using AD. From: Sailaja Polavarapu [mailto:spolavar...@hortonworks.com] Sent: Wednesday, April

Re: usersync and Ranger UI Login

myserver]:636 -x -D ‘Domain\sAMAccountName ' -W -b ‘[basedn]' -d 1 Thanks, Jon From: Sailaja Polavarapu [mailto:spolavar...@hortonworks.com] Sent: Wednesday, April 19, 2017 6:01 PM To: user@ranger.apache.org<mailto:user@ranger.apache.org> Subject: Re: usersync and Ranger UI Login Thank

Re: usersync and Ranger UI Login

x27;Negotiate' : … WARN org.apache.hadoop.util.NativeCodeLoader (NativeCodeLoader.java:62) - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable Thanks, Jon From: Sailaja Polavarapu [mailto:spolavar...@hortonworks.com] Sent: Thursday, April 20,

Re: Need configuration Documentation for Ranger 7.1 and mysql

Hi Arun, Ldap tool is mainly used to help configure various parameters for usersync. Currently it doesn’t have support for ldaps. I see that you already know the url, binddn, usersearch base, and user search filter, you can configure these properties in usersync. Are you using Ambari? Or is it m

Re: Need configuration Documentation for Ranger 7.1 and mysql

You can also take a look at the article below for more information - https://community.hortonworks.com/content/kbentry/105620/configuring-ranger-usersync-with-adldap-for-a-comm.html From: Sailaja Polavarapu Reply-To: "user@ranger.apache.org" Date: Thursday, August 17, 2017 at 2:25 PM

Re: User sync service throws InvalidAttributeException.

Hi Arun, I see that “SYNC_LDAP_USER_SEARCH_SCOPE” is mis-configured. The accepted values are “one”, “base”, or “sub”. Default value is “sub” which includes searching all the child objects in the search tree. “SYNC_LDAP_USER_SEARCH_FILTER” can be set to “cn=*” which mainly says that get all the u

Re: LDAP integration, the users and groups are not populating in ranger admin tool

Hi Anand, Looks like some config issue. It will be more helpful to figure out the issue if you can share your config and/or complete usersync logs. For reference, you can check this post on configuration for some common use cases. https://community.hortonworks.com/articles/105620/configuring-ran

Re: LDAP integration, the users and groups are not populating in ranger admin tool

mation on the ranger admin. I am not sure what other configuration I am missing? The document provides the config information for "Ranger User Info". Is there any config changes required on the Advanced tab ? Thanks in advance. On Tue, Dec 12, 2017 at 10:07 AM, Saila

Re: Ranger - Sync Users from Azure Active Directory

Hi Sirisha, Currently ranger requires any user with read privileges as the bind user (no need to have admin privileges for performing sync from LDAP/AD). Anonymous bind is not currently supported. Just curious, how are these users from Azure AD mapped to Hadoop? Thanks, Sailaja. From: "CHODISE

Re: Ranger - Sync Users from Azure Active Directory

groups can be dumped to a file, you can use “File” as sync source to sync users and groups. Thanks, Sailaja. From: "CHODISETTY, LAKSHMI SIRISHA" Date: Wednesday, February 28, 2018 at 4:06 AM To: Sailaja Polavarapu Subject: RE: Ranger - Sync Users from Azure Active Directory Hi Sailaj

[ANNOUNCE] Apache Ranger 1.0.0 released

. For more information on how to report problems, and to get involved, visit the project website at https://ranger.apache.org/ Thanks, Sailaja On 3/19/18, 10:13 AM, "Sailaja Polavarapu" wrote: Hello Rangers: Thank you so much for your efforts to validate Apache Ranger 1.0

Re: Ranger usersync plugin errors

Hi Taher, Can you send the full usersync logs? That way I can see what all attributes usersync is requesting for. Thanks, Sailaja Sent from my iPhone On Jun 17, 2018, at 10:39 PM, Taher Koitawala mailto:taher.koitaw...@gslab.com>> wrote: This issue is still not resolved can someone please he

Re: error "Sorry, Please sync-up the users with your source directory"

This is known issue from Knox side. From: Lian Jiang Reply-To: "user@ranger.apache.org" Date: Tuesday, July 10, 2018 at 10:53 PM To: "user@ranger.apache.org" Subject: Re: error "Sorry, Please sync-up the users with your source directory" Ranger works if I use a private window in firefox. Looks

Re: LDAP groups are not synced in ranger

Hi Lian Jiang, I see that the “groupMemberAttributeName” or (ranger.usersync.group.memberattributename) is configured as “member”. Can you please verify in your ldap if the members of the groups are configured with “member” attribute or “memberUid” attribute? Thanks, Sailaja. From: Lian Jiang

Re: Ranger Usersync Not Updating After Initial Sync

Hi Helene, Looks like you have "groupSearchEnabled" set to "false" which is not supported with incremental/delta sync. Can you try with "groupSearchEnabled" set to "true"? Thanks, Sailaja On Thu, Jun 6, 2019 at 4:42 PM Vipin Rathor wrote: > Hello Helene, > Could you please enable DEBUG log lev

Re: Clarification on incremental sync

Hi Reed Villanueva, >> 1. If I were to go into the Ranger UI and go to the users and groups menu and manually delete all of the AD users and groups, then add the user search filter to the Ranger configs, and restart Ranger would that wipe the rest of the users from Ranger's user DB and leave only t

Re: Clarification on incremental sync

e Ranger UI > (even though user sync set to use AD/LDAP), since they exist across all > nodes of the cluster, just as unix local users rather than AD users? > > On Mon, Dec 9, 2019 at 3:08 PM Sailaja Polavarapu < > spolavar...@cloudera.com> wrote: > >> Hi Reed Villanuev

Re: AD user search filter syntax for “all users in a specified OU DN path”

Hi Reed, Ranger Usersync has few properties to be configured in order to filter users to be sync'd to Ranger. User Search Base: This property specifies the OU(s) path where the users are located in AD. For your usecase it should be " OU=Users,OU=HortonworksUsers,DC=ucera,DC=local". Just an FYI, ra

Re: User creation via REST API

Hi Elliot, The request looks fine. Hope ranger is running on port 8080. I quickly tried the same on my setup and the request is successful and I see the user in ranger UI. Do you see any errors in ranger admin logs? When you mentioned, the response seems incomplete, can you give some details? - S

Re: Ranger 2.1 - Usersync 401s after successful initial load

Hi Geri, I haven't seen this issue in my local setup. From the above logs, I see that "valid cookie is saved" after first sync, but in the next sync cycle usersync is using credential login which is strange. In Usersync, for every request to ranger admin, first try with the saved cookie (which is

Re: Ranger 2.1 - Usersync 401s after successful initial load

java:110) >> at >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492) >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:165) >> at >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) >> at >> org.apach

Re: Planning for Apache Ranger 2.2.0 release

+1 Thanks Ramesh for putting this together. - Sailaja. On Mon, Sep 20, 2021 at 12:46 PM Abhay Kulkarni wrote: > +1. > > Thanks, Ramesh. > > On Mon, Sep 20, 2021 at 8:48 AM Ramesh Mani wrote: > > > > Dear Ranger Community members, > > > > This is the reminder to give your opinion on Apache Range

Re: Planning for Apache Ranger 2.3.0 release

Hi Ramesh, +1 for Ranger 2.3 release. Thanks for the initiative. - Sailaja On Thu, Apr 28, 2022 at 7:21 AM Ramesh Mani wrote: > zhoutianling, > > Thanks for the review. These Jiras are part of the Apache Ranger 2.3 apache > release, it's not pulled in this published list as this may not have >

Re: Ranger 1.2 usersync and AD connection reset

Hi Felipe, In the recent version (ranger-2.4) there are a lot of improvements made on usersync side to optimize the way we retrieve data from AD/LDAP and computing delta as well as ranger admin POST calls. Some of the related jiras are - RANGER-2986

Re: [Usersync] LDAP Anonymous bind

Hi Loïc CHANEL, Looks like we need to update the comment in the install.properties file as anonymous bind is not supported anymore for LDAP sync in Ranger. Thanks, Sailaja. On Wed, Feb 7, 2024 at 6:28 AM Loïc CHANEL wrote: > Hi guys, > > Has anyone been able to make LDAP sync work with an anon

Re: [Usersync] Fetch several attributes

Hi Loïc CHANEL, Syncing extra attributes from AD/LDAP is partly supported as part of RANGER-2697 . Can you please check it out and see if this works for your use case? It is not exactly what you are asking for, but in Usersync, there is an option

Re: LDAP sync shows no log

Ranger Usersync caches the users and groups that are sync'd from LDAP and uses this to compute delta for every sync cycle in order to update ranger admin with the changes. Initially, during start up, this cache is built from the users and groups that are in Ranger admin and is updated only when the

Re: Usersync from file

This is strange as I don't see any logs from updateSink() method . Can you check the timestamp on the file and try updating the file? and also check if the

Re: Usersync from file

th Ranger Admin to > load all the users, but the users in the file are not created. Is there > some configuration missing from > https://cwiki.apache.org/confluence/display/RANGER/File+Source+User+Group+Sync+process > ? > Thanks, > > > Loïc CHANEL > Technical leader

Re: Usersync from file

echnical leader Big Data >> Capgemini (Lyon, France) >> >> >> Le ven. 8 mars 2024 à 17:24, Sailaja Polavarapu >> a écrit : >> >>> Which branch are you using? And can you share the usersync config? >>> >>> On Fri, Mar 8, 2024 at 8:10 AM Lo

Re: Groups not retrieved

Hi Loic, I see that you have below config properties for group search. In this case the groups are retrieved from "dc=cmb,dc=blabla,dc=org" search base. Can you check if "CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org" group is under the configured search base? groupSearchEnabled: true, gro

Re: Groups not retrieved

reate a group named "9001928" and add John Doe to that group, > but it doesn't work. Does Usersync only expect groups with LDAP structure > (like the memberOf line) ? > Thanks, > > > Loïc > > Le jeu. 21 mars 2024 à 22:51, Sailaja Polavarapu > a écrit : > &g

Re: LDAP authentication issue

ranger.ldap.user.dnpattern currently takes only one pattern which seems to be a bug. Because the underlying spring security ldap library API supports array of patterns. For now, can you try filtering based on any other attributes? For example below config filters the users from group1 & group2 rang

Re: LDAP authentication issue

; >> Loïc CHANEL >> Technical leader Big Data >> Capgemini (Lyon, France) >> >> >> Le ven. 19 avr. 2024 à 05:08, Vipin Rathor a écrit : >> >>> Thank Sailaja for the reply. I was about to reply that >>> Spring LD

Re: Usersync

rangerusersync user is an internal user and the password is generated as part of the initial ranger setup ( https://github.com/apache/ranger/blob/master/security-admin/scripts/install.properties#L87). You can also reset the password of ragerusersync user by logging in to Ranger Admin UI with admin/

Re: No usersync

Hi Marc, Some overview of Ranger Usersync - Ranger Usersync has three main duties - 1. Syncing users and groups from configured sync source, 2. Compute delta for each sync cycle, and 3. Update Ranger admin the user and group information so that Ranger admin persists this info in its DB 1. Syncing