[
https://issues.apache.org/jira/browse/RANGER-4022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ajay updated RANGER-4022:
-------------------------
Affects Version/s: 2.0.0
> Facing Ranger AD sync issue
> ---------------------------
>
> Key: RANGER-4022
> URL: https://issues.apache.org/jira/browse/RANGER-4022
> Project: Ranger
> Issue Type: Task
> Components: usersync
> Affects Versions: 2.0.0
> Reporter: Ajay
> Priority: Major
>
> Hi Team,
>
> I am working on creating an Open_source KAFKA/RANGER/AMBARI cluster.
> Everything has been set up, but I am facing an error during RANGER_AD sync.
> Ranger admin and Ranger usersync are getting started via Ambari; however,
> they fail with the errors below. I am at a point where I am not able to find
> where the issue is; any help will be appreciated.
>
> Below is the error snap.
>
> Note: this is a sample user taken from LDAP.
> {code:java}
> 13 Dec 2022 18:19:42 INFO UnixAuthenticationService [main] - Starting User
> Sync Service!
> 13 Dec 2022 18:19:43 INFO AbstractMapper [UnixUserSyncThread] - Initializing
> for ranger.usersync.mapping.username.regex
> 13 Dec 2022 18:19:43 INFO AbstractMapper [UnixUserSyncThread] - Initializing
> for ranger.usersync.mapping.groupname.regex
> 13 Dec 2022 18:19:43 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> LdapDeltaUserGroupBuilder created
> 13 Dec 2022 18:19:43 INFO UserGroupSyncConfig [UnixUserSyncThread] - Sleep
> Time Between Cycle can not be lower than [3600000] millisec. resetting to min
> value.
> 13 Dec 2022 18:19:43 INFO UserGroupSync [UnixUserSyncThread] - initializing
> sink: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder
> 13 Dec 2022 18:19:44 DEBUG Tracer [UnixUserSyncThread] - sampler.classes = ;
> loaded no samplers
> 13 Dec 2022 18:19:44 DEBUG Tracer [UnixUserSyncThread] -
> span.receiver.classes = ; loaded no span receivers
> 13 Dec 2022 18:19:45 INFO AbstractMapper [UnixUserSyncThread] - Initializing
> for ranger.usersync.mapping.username.regex
> 13 Dec 2022 18:19:45 INFO AbstractMapper [UnixUserSyncThread] - Initializing
> for ranger.usersync.mapping.groupname.regex
> 13 Dec 2022 18:19:45 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> LdapDeltaUserGroupBuilder created
> 13 Dec 2022 18:19:45 INFO UserGroupSync [UnixUserSyncThread] - initializing
> source: org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder
> 13 Dec 2022 18:19:45 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> LdapDeltaUserGroupBuilder initialization started
> 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> LdapDeltaUserGroupBuilder initialization completed with -- ldapUrl:
> ldap://ldap-aws-us-east.mstarext.com:389, ldapBindDn:
> CN=aws_hadoop_prd_ad_user,OU=Service Accounts,OU=Hadoop,OU=CORESVC_Core
> Services,OU=Servers and Services,DC=mstarext,DC=com, ldapBindPassword: *****
> , ldapAuthenticationMechanism: simple, searchBase: DC=mstarext,DC=com,
> userSearchBase: [dc=mstarext,dc=com], userSearchScope: 2, userObjectClass:
> user, userSearchFilter: (&(objectClass=person)(objectClass=user)),
> extendedUserSearchFilter: null, userNameAttribute: sAMAccountName,
> userSearchAttributes: [uSNChanged, sAMAccountName, modifytimestamp],
> userGroupNameAttributeSet: null, pagedResultsEnabled: true,
> pagedResultsSize: 500, groupSearchEnabled: true, groupSearchBase:
> [DC=mstarext,DC=com], groupSearchScope: 2, groupObjectClass: group,
> groupSearchFilter: (objectClass=group), extendedGroupSearchFilter:
> (&null(|(member={0})(member={1}))), extendedAllGroupsSearchFilter: null,
> groupMemberAttributeName: member, groupNameAttribute: sAMAccountName,
> groupSearchAttributes: [uSNChanged, sAMAccountName, member, modifytimestamp],
> groupUserMapSyncEnabled: true, groupSearchFirstEnabled: false,
> userSearchEnabled: false, ldapReferral: follow
> 13 Dec 2022 18:19:46 INFO UserGroupSync [UnixUserSyncThread] - Begin:
> initial load of user/group from source==>sink
> 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> LdapDeltaUserGroupBuilder updateSink started
> 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> Performing user search first
> 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> extendedUserSearchFilter =
> (&(objectclass=user)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z))(&(objectClass=person)(objectClass=user)))
> 13 Dec 2022 18:19:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> uSNChangedVal = 77639505and currentDeltaSyncTime = 77639505
> 13 Dec 2022 18:19:46 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - INFO: addPMAccount(MSPRDDCAWSE02$)
> 13 Dec 2022 18:19:46 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - ==> LdapPolicyMgrUserGroupBuilder.getMUser()
> 13 Dec 2022 18:19:46 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - ==> LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
> 13 Dec 2022 18:19:46 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - ==> LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()
> 13 Dec 2022 18:19:47 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - USER GROUP
> MAPPING{"loginId":"MSPRDDCAWSE02$","firstName":"MSPRDDCAWSE02$","lastName":"MSPRDDCAWSE02$","userRoleList":[null]}
> 13 Dec 2022 18:19:47 INFO UnixAuthenticationService [main] - Enabling Unix
> Auth Service!
> 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Disabling
> Protocol: [TLSv1.3]
> 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Enabling
> Protocol: [TLSv1.2]
> 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Enabling
> Protocol: [TLSv1.1]
> 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Enabling
> Protocol: [TLSv1]
> 13 Dec 2022 18:19:48 INFO UnixAuthenticationService [main] - Enabling
> Protocol: [SSLv2Hello]
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - <== LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - <== LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - RESPONSE[<!doctype html><html lang="en"><head><title>HTTP Status 403 –
> Forbidden</title><style type="text/css">H1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> H2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> H3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> BODY
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
> {color : black;}A.name {color : black;}HR {color :
> #525D76;}</style></head><body><h1>HTTP Status 403 – Forbidden</h1><hr
> class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b>
> GSSException: No valid credentials provided (Mechanism level: Failed to find
> any Kerberos credentails)</p><p><b>Description</b> The server understood the
> request but refuses to authorize it.</p><hr class="line" /><h3>Apache
> Tomcat/7.0.94</h3></body></html>]
> 13 Dec 2022 18:19:58 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - Failed to add User :
> com.google.gson.JsonSyntaxException: java.lang.IllegalStateException:
> Expected BEGIN_OBJECT but was STRING at line 1 column 1
> at
> com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:176)
> at com.google.gson.Gson.fromJson(Gson.java:803)
> at com.google.gson.Gson.fromJson(Gson.java:768)
> at com.google.gson.Gson.fromJson(Gson.java:717)
> at com.google.gson.Gson.fromJson(Gson.java:689)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.getMUser(LdapPolicyMgrUserGroupBuilder.java:844)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.access$600(LdapPolicyMgrUserGroupBuilder.java:71)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$7.run(LdapPolicyMgrUserGroupBuilder.java:808)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$7.run(LdapPolicyMgrUserGroupBuilder.java:804)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:360)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addMUser(LdapPolicyMgrUserGroupBuilder.java:804)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addOrUpdateUser(LdapPolicyMgrUserGroupBuilder.java:292)
> at
> org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.getUsers(LdapDeltaUserGroupBuilder.java:525)
> at
> org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.updateSink(LdapDeltaUserGroupBuilder.java:335)
> at
> org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
> at java.lang.Thread.run(Thread.java:750)
> Caused by: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was
> STRING at line 1 column 1
> at com.google.gson.stream.JsonReader.beginObject(JsonReader.java:374)
> at
> com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:165)
> ... 16 more
> 13 Dec 2022 18:19:58 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - Failed to add portal user
> 13 Dec 2022 18:19:58 ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> sink.addOrUpdateUser failed with exception: Failed to add portal user, for
> user: MSPRDDCAWSE02$
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - ==> LdapPolicyMgrUserGroupBuilder.addUserGroupInfo MSPRDDCAWSE02$ and groups
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - INFO: addPMXAUser(MSPRDDCAWSE02$)
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - ==> LdapPolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret)
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - USER GROUP
> MAPPING{"xuserInfo":{"name":"MSPRDDCAWSE02$","description":"MSPRDDCAWSE02$ -
> add from Unix box","groupNameList":[],"userRoleList":[]},"xgroupInfo":[]}
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - ==> LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - ==> LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - USER GROUP
> MAPPING{"xuserInfo":{"name":"MSPRDDCAWSE02$","description":"MSPRDDCAWSE02$ -
> add from Unix box","groupNameList":[],"userRoleList":[]},"xgroupInfo":[]}
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - <== LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - <== LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
> 13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - RESPONSE: [<!doctype html><html lang="en"><head><title>HTTP Status 403 –
> Forbidden</title><style type="text/css">H1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> H2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> H3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> BODY
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
> {color : black;}A.name {color : black;}HR {color :
> #525D76;}</style></head><body><h1>HTTP Status 403 – Forbidden</h1><hr
> class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b>
> GSSException: No valid credentials provided (Mechanism level: Failed to find
> any Kerberos credentails)</p><p><b>Description</b> The server understood the
> request but refuses to authorize it.</p><hr class="line" /><h3>Apache
> Tomcat/7.0.94</h3></body></html>]
> 13 Dec 2022 18:19:58 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - Failed to add User Group Info :
> com.google.gson.JsonSyntaxException: java.lang.IllegalStateException:
> Expected BEGIN_OBJECT but was STRING at line 1 column 1
> at
> com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:176)
> at com.google.gson.Gson.fromJson(Gson.java:803)
> at com.google.gson.Gson.fromJson(Gson.java:768)
> at com.google.gson.Gson.fromJson(Gson.java:717)
> at com.google.gson.Gson.fromJson(Gson.java:689)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.getUsergroupInfo(LdapPolicyMgrUserGroupBuilder.java:424)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.access$200(LdapPolicyMgrUserGroupBuilder.java:71)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$2.run(LdapPolicyMgrUserGroupBuilder.java:337)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$2.run(LdapPolicyMgrUserGroupBuilder.java:333)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:360)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addUserGroupInfo(LdapPolicyMgrUserGroupBuilder.java:333)
> at
> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addOrUpdateUser(LdapPolicyMgrUserGroupBuilder.java:178)
> at
> org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.getUsers(LdapDeltaUserGroupBuilder.java:557)
> at
> org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.updateSink(LdapDeltaUserGroupBuilder.java:335)
> at
> org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
> at java.lang.Thread.run(Thread.java:750)
> Caused by: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was
> STRING at line 1 column 1
> at com.google.gson.stream.JsonReader.beginObject(JsonReader.java:374)
> at
> com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:165)
> ... 16 more
> 13 Dec 2022 18:19:58 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - Failed to add addorUpdate user group info
> 13 Dec 2022 18:19:58 ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> sink.addOrUpdateUserGroups failed with exception: Failed to add addorUpdate
> user group info, for user: MSPRDDCAWSE02$ and groups: []
> 13 Dec 2022 18:19:58 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> Updating user count: 1, userName: MSPRDDCAWSE02$
> 13 Dec 2022 18:19:58 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
> uSNChangedVal = 78055074and currentDeltaSyncTime = 78055074
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
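
A reading aid for the log in the report above, as an added example (not part of the original report and not Ranger code): each `RESPONSE` logged before a Gson failure is an HTML 403 page carrying a GSSException, and the `JsonSyntaxException` is raised while that page is parsed as JSON. The sketch pairs every non-JSON `RESPONSE` entry with the Gson error that follows it; the sample lines are constructed from the shape of the log with the e-mail wrapping removed, and `records` and `triage` are hypothetical names.

```python
import re

# Added example; records() and triage() are illustrative names, not Ranger APIs.
# Constructed sample in the shape of the usersync log (HTML body shortened).
SAMPLE_LOG = """\
13 Dec 2022 18:19:58 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - RESPONSE[<!doctype html><html><head><title>HTTP Status 403 \u2013 Forbidden</title></head><body><p><b>Message</b> GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)</p></body></html>]
13 Dec 2022 18:19:58 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add User :
com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1
\tat com.google.gson.Gson.fromJson(Gson.java:803)
13 Dec 2022 18:19:58 ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] - sink.addOrUpdateUser failed with exception: Failed to add portal user, for user: MSPRDDCAWSE02$
"""

RECORD_START = re.compile(r"^\d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2} [A-Z]+ ")
RESPONSE = re.compile(r"RESPONSE:?\s*\[(.*)\]\s*$", re.S)
HTML_STATUS = re.compile(r"<title>HTTP Status (\d{3})")
HTML_MESSAGE = re.compile(r"<b>Message</b>\s*(.*?)</p>", re.S)

def records(text):
    """Group continuation lines (stack traces) under their timestamped line."""
    current = None
    for line in text.splitlines():
        if RECORD_START.match(line):
            if current is not None:
                yield current
            current = line
        elif current is not None:
            current += "\n" + line
    if current is not None:
        yield current

def triage(text):
    """Pair each non-JSON server response with the Gson error that follows it."""
    findings, pending = [], None
    for rec in records(text):
        m = RESPONSE.search(rec)
        if m:
            body = m.group(1).lstrip()
            if body.startswith(("{", "[")):  # looks like JSON: nothing to report
                pending = None
                continue
            status = HTML_STATUS.search(body)
            msg = HTML_MESSAGE.search(body)
            pending = {"status": int(status.group(1)) if status else None,
                       "message": " ".join(msg.group(1).split()) if msg else body[:80]}
        elif pending and "JsonSyntaxException" in rec:
            findings.append({**pending, "masked_by": "JsonSyntaxException",
                             "operation": rec.split(" - ", 1)[1].splitlines()[0].strip()})
            pending = None
    return findings
```

Calling `triage(SAMPLE_LOG)` returns one finding with status 403 and the GSSException text as its message, next to the failed operation it belongs to.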