Re: Cannot log in the Ranger Admin UI

Fri, 13 May 2016 03:12:09 -0700 

Sailaja, would you know what is going here?

Thanks

Bosco


From:  Lune Silver <lunescar.ran...@gmail.com>
Reply-To:  <user@ranger.incubator.apache.org>
Date:  Thursday, May 12, 2016 at 3:39 AM
To:  <user@ranger.incubator.apache.org>
Subject:  Re: Cannot log in the Ranger Admin UI

As a note, I have :
- User Sync enabled
- In Ambari UI, in the User info tab, in the User Configs sub-tab, the "Group 
User map Sync" is enabled. What is the usage of this property ?
- In Ambari UI, in the User info tab, in the Group Configs sub-tab, Group Sync 
is enabled. 

BR.

Lune.

On Thu, May 12, 2016 at 12:33 PM, Lune Silver <lunescar.ran...@gmail.com> wrote:
Hello everyone !

I am using HDP 2.3.2 with Ambari 2.2.1.
I installed Ranger Admin and Ranger Usersync with SSL.
They are both green in Ambari UI and there is no error in the logs of both 
component.

The thing is, when I try to log in the Ranger Admin UI, I always have the 
following error :
###
2016-05-12 12:14:57,165 [http-bio-6182-exec-8] INFO  
org.apache.ranger.security.listener.SpringEventListener 
(SpringEventListener.java:87) - Login Unsuccessful:admin | Ip Address:< IP FROM 
WHERE I TRY TO CONNECT>| Bad Credentials
###

I'm using an LDAP for the user/group management.

I performed a test with :
- admin, the admin user normally locally defined in Ranger. I got the Bad 
Credentials error.
- admin, an admin user that I already have in the LDAP, I got the Bad 
Credentials error
- amb_ranger_admin, the user created in ranger admin in order to allow ambari 
to create repositories (if I understood well), and I got the Bad Credentials 
error
- a user lambda in the LDAP, I got the Bad Credentials error

In the "Advanced" tab in Ambari, I have the following configuration :
- Authentication method : LDAP
- LDAP Settings
-- ranger.ldap.base.dn : dc=<myrealm>
-- Bind user : {{ranger_ug_ldap_bind_dn}} : 
uid=<myuser>,cn=users,cn=accounts,dc=
<myrealm>
-- Bind User Password : the password of the bind user (I checked and this 
password is right)
-- ranger.ldap.group.roleattribute : cn (the attribute to retrieve group, right 
?)
-- ranger.ldap.referral : ignore (because I have only one ldap)
-- LDAP URL : {{ranger_ug_ldap_url}} : ldap://<MY LDAP HOST>:389
-- ranger.ldap.user.dnpattern : uid={0},cn=users,cn=accounts,dc=<myrealm>
-- User Search Filter = {{ranger_ug_ldap_user_searchfilter}} : empty (I kept a 
space character)

Q1 - Do you have any idea what could be my problem ?
Q2 - Is usersync used when a user try to log in the Ranger Admin UI ?

BR.

Lune.

Reply via email to