Re: usersync and Ranger UI Login

Thanks for the clarification. One last question – with ldapsearch, have you tried using your samaccountname as bindDN (in the format DOMAIN\sAMAccountName)? In ranger we first search for the login user using admin bind credentials that are configured and then perform a bind with the login user

RE: usersync and Ranger UI Login

And yes, Ambari. From: Jon Morisi Sent: Wednesday, April 19, 2017 4:55 PM To: user@ranger.apache.org Subject: RE: usersync and Ranger UI Login Sorry typo / misspoke. What I meant was ldap-utils. I am using AD. From: Sailaja Polavarapu [mailto:spolavar...@hortonworks.com] Sent: Wednesday, April

Re: ranger for cassandra

Earlier I have reviewed briefly the Cassandra authorizer and it is RBAC based authorization model which is not a straight forward fit into Ranger's Attribute Based Access Control model. Including dev list also. Pinging Bosco / Madhan to give their thoughts. Thanks, Ramesh From: anurag gujra

RE: usersync and Ranger UI Login

Sorry typo / misspoke. What I meant was ldap-utils. I am using AD. From: Sailaja Polavarapu [mailto:spolavar...@hortonworks.com] Sent: Wednesday, April 19, 2017 4:49 PM To: user@ranger.apache.org Subject: Re: usersync and Ranger UI Login Hi Jon, You have OpenLDAP? I thought it is Active Directo

Re: usersync and Ranger UI Login

Hi Jon, You have OpenLDAP? I thought it is Active Directory). In Ranger for authentication AD and LDAP are treated differently. And the configuration properties are also different. As you can see from the documentation, we have two sections – one for "Configuring Ranger LDAP Authentication

RE: usersync and Ranger UI Login

ranger.ldap.ad.base.dn is my domain, for example DC=example,DC=com I do have openLDAP installed and am able to verify that I am using the sAMAccountName via ldapsearch. From: Sailaja Polavarapu [mailto:spolavar...@hortonworks.com] Sent: Wednesday, April 19, 2017 4:33 PM To: user@ranger.apache.or

Re: usersync and Ranger UI Login

Can you also check what is the value assigned to “ranger.ldap.ad.base.dn”? And is the user logging in using sAMAccountName? From: Jon Morisi mailto:jon.mor...@hsc.utah.edu>> Reply-To: "user@ranger.apache.org" mailto:user@ranger.apache.org>> Date: Wednesday, April 1

ranger for cassandra

Hi All, Can you please share if there is any plan to support apache ranger for cassandra? Thanks, Anurag

RE: usersync and Ranger UI Login

Yes, I did. I saw this: https://community.hortonworks.com/questions/21800/can-not-login-to-ranger-using-ldap-user-after-user.html ... and tried various settings for ranger.ldap.ad.user.searchfilter, with no luck. The recommended value from Ambari was “(sAMAccountName={0})”, which I just now tr

Re: usersync and Ranger UI Login

Hi Jon, Did you setup Ranger Authentication to AD. Here is the doc with steps. https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/configure_ranger_authentication.html Thanks, Kashif On Wed, Apr 19, 2017 at 5:27 PM, Jon Morisi wrote: > Hi, > > I’m currently running H

usersync and Ranger UI Login

Hi, I'm currently running HDP-2.5.3.0 / Ranger - 0.6.0 and have Ranger Usersync setup and running with Active Directory. Is it possible for those AD users that come in from usersync to login to the Ranger Admin UI, or do I need to setup "internal" accounts for Ranger Admin UI access? The reaso