Bosco, Mugdha, thanks for your inputs. I know this is not recommended, but as the LDAP is in a private network and we just pull the username and groups associated to it, this is not much of a security issue from our point of view.
But if Ranger does not support it anymore, I'll ask my security team if it is possible to create a technical user whose only role will be to read into the LDAP like an anonymous user. Thanks, Loïc Loïc CHANEL System Big Data engineer MS&T - WASABI - Worldline (Villeurbanne, France) 2017-03-17 22:37 GMT+01:00 Don Bosco Durai <bo...@apache.org>: > Mugdha, thanks for clarifying. > > > > Loïc, anonymous bind is generally not recommended due to security issues. > Is it possible for you create a lookup/bind user? > > > > Thanks > > > > Bosco > > > > > > *From: *Mugdha Varadkar <mugdha.varadkar...@gmail.com> > *Reply-To: *<email@example.com> > *Date: *Friday, March 17, 2017 at 5:12 AM > *To: *<firstname.lastname@example.org> > *Cc: *<d...@ambari.apache.org> > *Subject: *Re: UserSync with anonymous bind > > > > Hi, > > > > Anonymous bind is just a property available on Ambari UI to toggle "Bind > User Password" property. The property is not persisted in any xml config > files. Ranger doesn't support LDAP sync with Anonymous bind DN. The > property was added in Ambari-2.2.0 to recommend the same LDAP instance used > by Ambari using Anonymous bind LDAP server. > > In Ambari-2.5.0 with stack 2.6, Anonymous bind property won't be > available. > Here is the Apache jira: https://issues.apache.org/ > jira/browse/AMBARI-19437 > > > > Thanks, > Mugdha Varadkar > > > > On Fri, Mar 17, 2017 at 5:23 AM, Don Bosco Durai <bo...@apache.org> wrote: > > Copy’ing Ambari mailing list also. Mugdha or Gautam who worked on the > Ambari stack for Ranger should be able to give more insights. > > > > Bosco > > > > > > From: Loïc Chanel <loic.cha...@telecomnancy.net> > Reply-To: <email@example.com> > Date: Thursday, March 16, 2017 at 7:51 AM > To: <u...@ranger.incubator.apache.org> > Subject: UserSync with anonymous bind > > > > Hi fellow Ranger users, > > > > As I was working on user synchronization from a LDAP with anonymous bind > to populate Ranger, I met the same issue as I did almost two years ago : > even if I provide Ambari with the property "Anonymous bind", the property > is ignored and either Ambari complains that I didn't provided Ranger with a > password for LDAP bind, or Ranger UserSync doesn't work because of bad > credentials when binding the LDAP. Even more mysterious is the fact that > the property cannot be found in the XML properties files. > > > > At the time I first needed this, I used a manual setting I described in > that documentation ( https://cwiki.apache.org/confluence/display/RANGER/ > Configure+Ranger+UserSync+for+LDAP ) but as the configuration changed > (I'm using Ranger 0.5.0 with Ambari 184.108.40.206) it doesn't work anymore. > > > > Did someone met the same issue ? Is there a workaround/patch ? > > Thanks for your help, > > > > > > Loïc > > > Loïc CHANEL > System Big Data engineer > MS&T - WASABI - Worldline (Villeurbanne, France) > > >