Hi  Nixon,

I had resolved finally with Hadoop UGI. As I said before, LDAP option has
group config, I don´t understand why AD hasn´t.

https://github.com/apache/atlas/blob/master/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
http://atlas.apache.org/Authentication-Authorization.html

Thank you,

Regards.


2018-02-27 17:19 GMT+01:00 Nixon Rodrigues <
nixon.rodrig...@freestoneinfotech.com>:

> Hi Jorge,
>
> Not all AD / open ldap server returns groups along with the user, therefore 
> Atlas by default try to read the groups
>
> from hadoop UGI.  Ldap usergroups can be synced in Hadoop-UGi by configuring 
> the hadoop core-site.xml
>
> I am not completely sure but if your AD with configured correctly to return 
> group you can try setting below property and check
>
> *atlas.authentication.method.ldap.ugi-groups = false*
>
> https://github.com/apache/atlas/blob/master/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java#L136
>
> Hope this helps
>
> Nixon
>
>
>
> On Tue, Feb 27, 2018 at 8:07 PM, Jorge Bueno Magdalena <
> j.buenomagdal...@gmail.com> wrote:
>
>> Hi all,
>>
>> According to http://atlas.apache.org/Authentication-Authorization.html,
>> in LDAP I can use group parameteres but no for AD. ¿how can I use Active
>> Directory groups in Apache Atlas?
>>
>> I am using Ranger for giving authorizations. It works for users but no
>> for groups.
>> In the logs I have seen that Atlas try to get groups with "id user". Why
>> doesn´t Atlas look for in Active Directory instead of the OS?
>>
>> I understand I can have a workaround, setting that in OS. But, is it
>> possible with Atlas and Active Directory?
>>
>> Thank you so much
>>
>> Regards.
>>
>
>

Reply via email to