Hi, Sailaja, It helped a bit. I used the UI to change the password and restarted usersync (just to be sure) but I still get the same warnings (and thus no data). However, this appears to be UnixUserSync. IF I have LDAP setting, should these warnings not reflect that? Furthermore, if I am using LDAP why would this be trying to RETRIEVE user and group info FROM admin. This is supposd to put data into admin, isn’t it?
07 Jun 2024 07:19:07 WARN o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401. 07 Jun 2024 07:19:07 INFO o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - PolicyMgrUserGroupBuilder.buildGroupList(): No. of groups retrieved from ranger admin 0 07 Jun 2024 07:19:07 WARN o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401. 07 Jun 2024 07:19:07 INFO o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - PolicyMgrUserGroupBuilder.buildUserList(): No. of users retrieved from ranger admin = 0 07 Jun 2024 07:19:07 WARN o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401. 07 Jun 2024 07:19:07 INFO o.a.r.u.UserGroupSync [UnixUserSyncThread] - initializing source: org.apache.ranger.ldapusersync.process.LdapUserGroupBuild From: Sailaja Polavarapu <[email protected]> Sent: Friday, June 7, 2024 1:42 AM To: [email protected] Subject: Re: Usersync EXTERNAL rangerusersync user is an internal user and the password is generated as part of the initial ranger setup (https://github.com/apache/ranger/blob/master/security-admin/scripts/install.properties#L87). You can also reset the password of ragerusersync user by logging in to Ranger Admin UI with admin/rangerR0cks! (https://github.com/apache/ranger/blob/master/README.md). Just a FYI - Ranger stores passwords (in encrypted format) in DB only for internal users in x_portal_user table. For external users, you need to configure the corresponding authentication mechanism where the users are sync'd from. Hope this helps, Sailaja. On Thu, Jun 6, 2024 at 6:06 AM Marc Hoppins <[email protected]<mailto:[email protected]>> wrote: Yes, ranger DB has no field for password. So where is it stored? I am unable to use the python script as it requires a current password. Furthermore, it requires that the current password and new password to be different. So, unless there is some other way to change the password my only option is to delete the databases and re-run setup.sh. From: Vipin Rathor <[email protected]<mailto:[email protected]>> Sent: Tuesday, June 4, 2024 6:56 PM To: [email protected]<mailto:[email protected]> Subject: Re: Usersync EXTERNAL You won’t find them in AD / LDAP. They are in your Ranger DB. These passwords get set when you install Ranger. Earlier there used to be a sql stmt to update them directly in the DB, but not possible anymore. Hence the Python script which I shared earlier. Regards, VR On Jun 4, 2024, at 19:34, Marc Hoppins <[email protected]<mailto:[email protected]>> wrote: Hi, Vipin, Not sure how that is going to help. I only have the one password to LDAP search (given by windows team). I cannot change it as it is active directory and to change it would be (yet another) ticket. Where is the password stored? I tried looking in our MYSQL table (x_user) but see nothing for password. From: Vipin Rathor <[email protected]<mailto:[email protected]>> Sent: Tuesday, June 4, 2024 3:29 PM To: [email protected]<mailto:[email protected]> Subject: Re: Usersync EXTERNAL Looks like what Jesús pointed out is right. It’s the rangerusersync user which is failing with “bad credentials” against Ranger Admin. Maybe you can try resetting the password for this user? Take a look at : https://github.com/apache/ranger/blob/master/security-admin/scripts/changepasswordutil.py Regards, VR On Jun 4, 2024, at 17:51, Marc Hoppins <[email protected]<mailto:[email protected]>> wrote: Jesús
