Hello guys.
Sorry, I had only a few elements before.
Now I increase the log level to debug and I see the following error in
xa_portal.log :
I saw that there was first an error with the user rangerusersync which was
missing in my LDAP.
So I created it and I set up a password for it.
The password works fine when I try to perform an ldap_search on the LDAP by
using the user rangerusersync.
But in the logs, here is what I can see
###
2016-05-13 15:30:07,582 [http-bio-6182-exec-2] DEBUG
org.springframework.security.ldap.authentication.BindAuthenticator
(BindAuthenticator.java:152) - Failed to bind as
uid=rangerusersync,cn=users,cn=accounts,dc=<myrealm>:
org.springframework.ldap.AuthenticationException: [LDAP: error code 49 -
Invalid Credentials]; nested exception is
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
Credentials]
2016-05-13 15:30:07,582 [http-bio-6182-exec-2] DEBUG
org.apache.ranger.security.handler.RangerAuthenticationProvider
(RangerAuthenticationProvider.java:238) - LDAP Authentication Failed:
org.springframework.security.authentication.BadCredentialsException: Bad
credentials
at
org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:95)
at
org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178)
at
org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:61)
at
org.apache.ranger.security.handler.RangerAuthenticationProvider.getLdapAuthentication(RangerAuthenticationProvider.java:231)
at
org.apache.ranger.security.handler.RangerAuthenticationProvider.authenticate(RangerAuthenticationProvider.java:91)
at
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
###
So first thing first, when do I have to enter the password for this user
rangerusersync in the ranger configuration ?
BR.
Lune.
On Fri, May 13, 2016 at 12:11 PM, Don Bosco Durai <bo...@apache.org> wrote:
> Sailaja, would you know what is going here?
>
> Thanks
>
> Bosco
>
>
> From: Lune Silver <lunescar.ran...@gmail.com>
> Reply-To: <user@ranger.incubator.apache.org>
> Date: Thursday, May 12, 2016 at 3:39 AM
> To: <user@ranger.incubator.apache.org>
> Subject: Re: Cannot log in the Ranger Admin UI
>
> As a note, I have :
> - User Sync enabled
> - In Ambari UI, in the User info tab, in the User Configs sub-tab, the
> "Group User map Sync" is enabled. What is the usage of this property ?
> - In Ambari UI, in the User info tab, in the Group Configs sub-tab, Group
> Sync is enabled.
>
> BR.
>
> Lune.
>
> On Thu, May 12, 2016 at 12:33 PM, Lune Silver <lunescar.ran...@gmail.com>
> wrote:
>
>> Hello everyone !
>>
>> I am using HDP 2.3.2 with Ambari 2.2.1.
>> I installed Ranger Admin and Ranger Usersync with SSL.
>> They are both green in Ambari UI and there is no error in the logs of
>> both component.
>>
>> The thing is, when I try to log in the Ranger Admin UI, I always have the
>> following error :
>> ###
>> 2016-05-12 12:14:57,165 [http-bio-6182-exec-8] INFO
>> org.apache.ranger.security.listener.SpringEventListener
>> (SpringEventListener.java:87) - Login Unsuccessful:admin | Ip Address:< IP
>> FROM WHERE I TRY TO CONNECT>| Bad Credentials
>> ###
>>
>> I'm using an LDAP for the user/group management.
>>
>> I performed a test with :
>> - admin, the admin user normally locally defined in Ranger. I got the Bad
>> Credentials error.
>> - admin, an admin user that I already have in the LDAP, I got the Bad
>> Credentials error
>> - amb_ranger_admin, the user created in ranger admin in order to allow
>> ambari to create repositories (if I understood well), and I got the Bad
>> Credentials error
>> - a user lambda in the LDAP, I got the Bad Credentials error
>>
>> In the "Advanced" tab in Ambari, I have the following configuration :
>> - Authentication method : LDAP
>> - LDAP Settings
>> -- ranger.ldap.base.dn : dc=<myrealm>
>> -- Bind user : {{ranger_ug_ldap_bind_dn}} :
>> uid=<myuser>,cn=users,cn=accounts,dc=
>> <myrealm>
>> -- Bind User Password : the password of the bind user (I checked and
>> this password is right)
>> -- ranger.ldap.group.roleattribute : cn (the attribute to retrieve
>> group, right ?)
>> -- ranger.ldap.referral : ignore (because I have only one ldap)
>> -- LDAP URL : {{ranger_ug_ldap_url}} : ldap://<MY LDAP HOST>:389
>> -- ranger.ldap.user.dnpattern : uid={0},cn=users,cn=accounts,dc=<myrealm>
>> -- User Search Filter = {{ranger_ug_ldap_user_searchfilter}} : empty (I
>> kept a space character)
>>
>> Q1 - Do you have any idea what could be my problem ?
>> Q2 - Is usersync used when a user try to log in the Ranger Admin UI ?
>>
>> BR.
>>
>> Lune.
>>
>
>
