Sorry there is a typo in my last sentence. I wanted to write :
So first thing first, where do I have to enter the password for this user
rangerusersync in the ranger configuration ?
BR.
Lune
On Fri, May 13, 2016 at 3:37 PM, Lune Silver <lunescar.ran...@gmail.com>
wrote:
> Hello guys.
>
> Sorry, I had only a few elements before.
>
> Now I increase the log level to debug and I see the following error in
> xa_portal.log :
> I saw that there was first an error with the user rangerusersync which was
> missing in my LDAP.
> So I created it and I set up a password for it.
> The password works fine when I try to perform an ldap_search on the LDAP
> by using the user rangerusersync.
>
>
> But in the logs, here is what I can see
> ###
> 2016-05-13 15:30:07,582 [http-bio-6182-exec-2] DEBUG
> org.springframework.security.ldap.authentication.BindAuthenticator
> (BindAuthenticator.java:152) - Failed to bind as
> uid=rangerusersync,cn=users,cn=accounts,dc=<myrealm>:
> org.springframework.ldap.AuthenticationException: [LDAP: error code 49 -
> Invalid Credentials]; nested exception is
> javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
> Credentials]
> 2016-05-13 15:30:07,582 [http-bio-6182-exec-2] DEBUG
> org.apache.ranger.security.handler.RangerAuthenticationProvider
> (RangerAuthenticationProvider.java:238) - LDAP Authentication Failed:
> org.springframework.security.authentication.BadCredentialsException: Bad
> credentials
> at
> org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:95)
> at
> org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178)
> at
> org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:61)
> at
> org.apache.ranger.security.handler.RangerAuthenticationProvider.getLdapAuthentication(RangerAuthenticationProvider.java:231)
> at
> org.apache.ranger.security.handler.RangerAuthenticationProvider.authenticate(RangerAuthenticationProvider.java:91)
> at
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
> at
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
> at
> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
> at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
> at
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
> at
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
> at
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
> ###
>
> So first thing first, when do I have to enter the password for this user
> rangerusersync in the ranger configuration ?
>
> BR.
>
> Lune.
>
> On Fri, May 13, 2016 at 12:11 PM, Don Bosco Durai <bo...@apache.org>
> wrote:
>
>> Sailaja, would you know what is going here?
>>
>> Thanks
>>
>> Bosco
>>
>>
>> From: Lune Silver <lunescar.ran...@gmail.com>
>> Reply-To: <user@ranger.incubator.apache.org>
>> Date: Thursday, May 12, 2016 at 3:39 AM
>> To: <user@ranger.incubator.apache.org>
>> Subject: Re: Cannot log in the Ranger Admin UI
>>
>> As a note, I have :
>> - User Sync enabled
>> - In Ambari UI, in the User info tab, in the User Configs sub-tab, the
>> "Group User map Sync" is enabled. What is the usage of this property ?
>> - In Ambari UI, in the User info tab, in the Group Configs sub-tab, Group
>> Sync is enabled.
>>
>> BR.
>>
>> Lune.
>>
>> On Thu, May 12, 2016 at 12:33 PM, Lune Silver <lunescar.ran...@gmail.com>
>> wrote:
>>
>>> Hello everyone !
>>>
>>> I am using HDP 2.3.2 with Ambari 2.2.1.
>>> I installed Ranger Admin and Ranger Usersync with SSL.
>>> They are both green in Ambari UI and there is no error in the logs of
>>> both component.
>>>
>>> The thing is, when I try to log in the Ranger Admin UI, I always have
>>> the following error :
>>> ###
>>> 2016-05-12 12:14:57,165 [http-bio-6182-exec-8] INFO
>>> org.apache.ranger.security.listener.SpringEventListener
>>> (SpringEventListener.java:87) - Login Unsuccessful:admin | Ip Address:< IP
>>> FROM WHERE I TRY TO CONNECT>| Bad Credentials
>>> ###
>>>
>>> I'm using an LDAP for the user/group management.
>>>
>>> I performed a test with :
>>> - admin, the admin user normally locally defined in Ranger. I got the
>>> Bad Credentials error.
>>> - admin, an admin user that I already have in the LDAP, I got the Bad
>>> Credentials error
>>> - amb_ranger_admin, the user created in ranger admin in order to allow
>>> ambari to create repositories (if I understood well), and I got the Bad
>>> Credentials error
>>> - a user lambda in the LDAP, I got the Bad Credentials error
>>>
>>> In the "Advanced" tab in Ambari, I have the following configuration :
>>> - Authentication method : LDAP
>>> - LDAP Settings
>>> -- ranger.ldap.base.dn : dc=<myrealm>
>>> -- Bind user : {{ranger_ug_ldap_bind_dn}} :
>>> uid=<myuser>,cn=users,cn=accounts,dc=
>>> <myrealm>
>>> -- Bind User Password : the password of the bind user (I checked and
>>> this password is right)
>>> -- ranger.ldap.group.roleattribute : cn (the attribute to retrieve
>>> group, right ?)
>>> -- ranger.ldap.referral : ignore (because I have only one ldap)
>>> -- LDAP URL : {{ranger_ug_ldap_url}} : ldap://<MY LDAP HOST>:389
>>> -- ranger.ldap.user.dnpattern :
>>> uid={0},cn=users,cn=accounts,dc=<myrealm>
>>> -- User Search Filter = {{ranger_ug_ldap_user_searchfilter}} : empty (I
>>> kept a space character)
>>>
>>> Q1 - Do you have any idea what could be my problem ?
>>> Q2 - Is usersync used when a user try to log in the Ranger Admin UI ?
>>>
>>> BR.
>>>
>>> Lune.
>>>
>>
>>
>
