[jira] [Commented] (RANGER-217) Add LDAPS support / fix incorrectly returning Bad Credentials for connection problem

Wed, 19 Jan 2022 01:58:05 -0800 


    [ 
https://issues.apache.org/jira/browse/RANGER-217?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17478510#comment-17478510
 ] 

Yuktaa Tiwari commented on RANGER-217:
--------------------------------------

Hi, could you please provide the required documentation here.

> Add LDAPS support / fix incorrectly returning Bad Credentials for connection 
> problem
> ------------------------------------------------------------------------------------
>
>                 Key: RANGER-217
>                 URL: https://issues.apache.org/jira/browse/RANGER-217
>             Project: Ranger
>          Issue Type: Bug
>          Components: documentation
>    Affects Versions: 0.4.0
>         Environment: HDP 2.2
>            Reporter: Hari Sekhon
>            Assignee: Velmurugan Periasamy
>            Priority: Major
>
> When configuring ranger-admin to use LDAPS it seems to not be supported or 
> breaks with incorrect error.
> In install.properties
> {code}xa_ldap_url="ldaps://host.domain.com:636"{code}
> While attempting to log in to ranger admin web ui, 
> /var/log/ranger/admin/xa_portal.log shows: {code}2015-01-13 15:54:34,522 
> [http-bio-6080-exec-3] INFO  
> com.xasecure.security.listener.SpringEventListener 
> (SpringEventListener.java:87) - Login Unsuccessful:hari | Ip Address:x.x.x.x 
> | Bad Credentials
> {code} I could understand if this is because my LDAPS server uses a 
> self-signed cert and I need to supply a trusted CA cert but I can't see any 
> setting for that or find any documentation around Apache Ranger LDAPS. (I use 
> this LDAPS server with trusted CA cert elsewhere so I know it works)
> That Bad Credentials error is clearly wrong because redeploying ranger-admin 
> using straight LDAP allows login to succeed with the same password:
> {code}xa_ldap_url="ldap://host.domain.com:389"{code}
> However it's insecure to only work with plain LDAP.
> Required fixes:
> 1. Add LDAPS support + document
> 2. Fix error message to be accurate to the problem and not always report Bad 
> Credentials as this will confuse users
> Regards,
> Hari Sekhon
> http://www.linkedin.com/in/harisekhon



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to