I am creating a Ranger policy for the admin user to use the Knox admin topology. My cluster uses LDAP for authentication. If I set XASecurePDPKnox authorization to true, then the Ranger admin "test connection" to Knox gets a 403 Forbidden response. If I set XASecurePDPKnox to false, then "test connection" succeeds.
This sounds like a chicken-and-egg problem. I am creating a policy to allow the admin to access the admin topology. But the admin needs Knox access before the policy can be created. I understand the policy can still be created even if "test connection" fails. But should I use XASecurePDPKnox=true and add the policy even if "test connection" fails? Or should I use "XASecurePDPKnox=false" and add the policy with a successful "test connection"? Thanks for any hints.
