Hello again everyone.
I managed to solve my error.
My problem was coming from the following property :
###
Group Search Filter=
###
The value was the character space.
So I put the right value :
###
Group Search Filter=(member=uid={0},cn=groups,cn=accounts,dc=<myrealm>)
###
Now I can log in the Ranger Admin UI.
BR.
Lune
On Fri, May 13, 2016 at 3:39 PM, Lune Silver <lunescar.ran...@gmail.com>
wrote:
> Sorry there is a typo in my last sentence. I wanted to write :
>
> So first thing first, where do I have to enter the password for this user
> rangerusersync in the ranger configuration ?
>
> BR.
>
> Lune
>
>
> On Fri, May 13, 2016 at 3:37 PM, Lune Silver <lunescar.ran...@gmail.com>
> wrote:
>
>> Hello guys.
>>
>> Sorry, I had only a few elements before.
>>
>> Now I increase the log level to debug and I see the following error in
>> xa_portal.log :
>> I saw that there was first an error with the user rangerusersync which
>> was missing in my LDAP.
>> So I created it and I set up a password for it.
>> The password works fine when I try to perform an ldap_search on the LDAP
>> by using the user rangerusersync.
>>
>>
>> But in the logs, here is what I can see
>> ###
>> 2016-05-13 15:30:07,582 [http-bio-6182-exec-2] DEBUG
>> org.springframework.security.ldap.authentication.BindAuthenticator
>> (BindAuthenticator.java:152) - Failed to bind as
>> uid=rangerusersync,cn=users,cn=accounts,dc=<myrealm>:
>> org.springframework.ldap.AuthenticationException: [LDAP: error code 49 -
>> Invalid Credentials]; nested exception is
>> javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
>> Credentials]
>> 2016-05-13 15:30:07,582 [http-bio-6182-exec-2] DEBUG
>> org.apache.ranger.security.handler.RangerAuthenticationProvider
>> (RangerAuthenticationProvider.java:238) - LDAP Authentication Failed:
>> org.springframework.security.authentication.BadCredentialsException: Bad
>> credentials
>> at
>> org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:95)
>> at
>> org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178)
>> at
>> org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:61)
>> at
>> org.apache.ranger.security.handler.RangerAuthenticationProvider.getLdapAuthentication(RangerAuthenticationProvider.java:231)
>> at
>> org.apache.ranger.security.handler.RangerAuthenticationProvider.authenticate(RangerAuthenticationProvider.java:91)
>> at
>> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
>> at
>> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
>> at
>> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> at
>> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> at
>> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> at
>> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> at
>> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>> at
>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>> at
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> at
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>> at
>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
>> at
>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
>> at
>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
>> at
>> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>> at
>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>> at java.lang.Thread.run(Thread.java:745)
>> ###
>>
>> So first thing first, when do I have to enter the password for this user
>> rangerusersync in the ranger configuration ?
>>
>> BR.
>>
>> Lune.
>>
>> On Fri, May 13, 2016 at 12:11 PM, Don Bosco Durai <bo...@apache.org>
>> wrote:
>>
>>> Sailaja, would you know what is going here?
>>>
>>> Thanks
>>>
>>> Bosco
>>>
>>>
>>> From: Lune Silver <lunescar.ran...@gmail.com>
>>> Reply-To: <user@ranger.incubator.apache.org>
>>> Date: Thursday, May 12, 2016 at 3:39 AM
>>> To: <user@ranger.incubator.apache.org>
>>> Subject: Re: Cannot log in the Ranger Admin UI
>>>
>>> As a note, I have :
>>> - User Sync enabled
>>> - In Ambari UI, in the User info tab, in the User Configs sub-tab, the
>>> "Group User map Sync" is enabled. What is the usage of this property ?
>>> - In Ambari UI, in the User info tab, in the Group Configs sub-tab,
>>> Group Sync is enabled.
>>>
>>> BR.
>>>
>>> Lune.
>>>
>>> On Thu, May 12, 2016 at 12:33 PM, Lune Silver <lunescar.ran...@gmail.com
>>> > wrote:
>>>
>>>> Hello everyone !
>>>>
>>>> I am using HDP 2.3.2 with Ambari 2.2.1.
>>>> I installed Ranger Admin and Ranger Usersync with SSL.
>>>> They are both green in Ambari UI and there is no error in the logs of
>>>> both component.
>>>>
>>>> The thing is, when I try to log in the Ranger Admin UI, I always have
>>>> the following error :
>>>> ###
>>>> 2016-05-12 12:14:57,165 [http-bio-6182-exec-8] INFO
>>>> org.apache.ranger.security.listener.SpringEventListener
>>>> (SpringEventListener.java:87) - Login Unsuccessful:admin | Ip Address:< IP
>>>> FROM WHERE I TRY TO CONNECT>| Bad Credentials
>>>> ###
>>>>
>>>> I'm using an LDAP for the user/group management.
>>>>
>>>> I performed a test with :
>>>> - admin, the admin user normally locally defined in Ranger. I got the
>>>> Bad Credentials error.
>>>> - admin, an admin user that I already have in the LDAP, I got the Bad
>>>> Credentials error
>>>> - amb_ranger_admin, the user created in ranger admin in order to allow
>>>> ambari to create repositories (if I understood well), and I got the Bad
>>>> Credentials error
>>>> - a user lambda in the LDAP, I got the Bad Credentials error
>>>>
>>>> In the "Advanced" tab in Ambari, I have the following configuration :
>>>> - Authentication method : LDAP
>>>> - LDAP Settings
>>>> -- ranger.ldap.base.dn : dc=<myrealm>
>>>> -- Bind user : {{ranger_ug_ldap_bind_dn}} :
>>>> uid=<myuser>,cn=users,cn=accounts,dc=
>>>> <myrealm>
>>>> -- Bind User Password : the password of the bind user (I checked and
>>>> this password is right)
>>>> -- ranger.ldap.group.roleattribute : cn (the attribute to retrieve
>>>> group, right ?)
>>>> -- ranger.ldap.referral : ignore (because I have only one ldap)
>>>> -- LDAP URL : {{ranger_ug_ldap_url}} : ldap://<MY LDAP HOST>:389
>>>> -- ranger.ldap.user.dnpattern :
>>>> uid={0},cn=users,cn=accounts,dc=<myrealm>
>>>> -- User Search Filter = {{ranger_ug_ldap_user_searchfilter}} : empty
>>>> (I kept a space character)
>>>>
>>>> Q1 - Do you have any idea what could be my problem ?
>>>> Q2 - Is usersync used when a user try to log in the Ranger Admin UI ?
>>>>
>>>> BR.
>>>>
>>>> Lune.
>>>>
>>>
>>>
>>
>
