RE: usersync and Ranger UI Login

2017-04-26 Thread Jon Morisi
of these keystore locations into one place (like I did with the above solution)? From: Jon Morisi [mailto:jon.mor...@hsc.utah.edu] Sent: Thursday, April 20, 2017 4:39 PM To: user@ranger.apache.org Subject: RE: usersync and Ranger UI Login I think there is an issue with a keystore, as you have

RE: usersync and Ranger UI Login

2017-04-20 Thread Jon Morisi
, rangeradmin.jceks, has a blank password. Do you know where I would configure that password? Thanks, Jon From: Jon Morisi [mailto:jon.mor...@hsc.utah.edu] Sent: Thursday, April 20, 2017 1:49 PM To: user@ranger.apache.org Subject: RE: usersync and Ranger UI Login I have enabled debug following

RE: usersync and Ranger UI Login

2017-04-20 Thread Jon Morisi
@ranger.apache.org Subject: Re: usersync and Ranger UI Login Hi Jon, Just an FYI: Usersync and ranger admin are two different processes and can you different trust stores for accessing root certs. These trust store paths are configurable in Ranger as well as in usersync (https://issues.apache.org/jira

Re: usersync and Ranger UI Login

2017-04-20 Thread Sailaja Polavarapu
...@hsc.utah.edu>> Reply-To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" mailto:user@ranger.apache.org>> Date: Thursday, April 20, 2017 at 12:06 PM To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" mailto:user@ranger.apache.org

RE: usersync and Ranger UI Login

2017-04-20 Thread Jon Morisi
8:26 AM To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" mailto:user@ranger.apache.org>> Subject: RE: usersync and Ranger UI Login That is successful. I used my Domain\sAMAccountName for the –D parameter of ldapsearch and received a successful query

Re: usersync and Ranger UI Login

2017-04-20 Thread Sailaja Polavarapu
ser@ranger.apache.org<mailto:user@ranger.apache.org>" mailto:user@ranger.apache.org>> Subject: RE: usersync and Ranger UI Login That is successful. I used my Domain\sAMAccountName for the –D parameter of ldapsearch and received a successful query response from AD. ldapsearch -H ldaps://[

RE: usersync and Ranger UI Login

2017-04-20 Thread Jon Morisi
o:spolavar...@hortonworks.com] Sent: Wednesday, April 19, 2017 6:01 PM To: user@ranger.apache.org Subject: Re: usersync and Ranger UI Login Thanks for the clarification. One last question – with ldapsearch, have you tried using your samaccountname as bindDN (in the format DOMAIN\sAMAccountName)? In range

Re: usersync and Ranger UI Login

2017-04-19 Thread Sailaja Polavarapu
ger.apache.org>" mailto:user@ranger.apache.org>> Date: Wednesday, April 19, 2017 at 4:02 PM To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" mailto:user@ranger.apache.org>> Subject: RE: usersync and Ranger UI Login And yes, Ambari. From: Jon Moris

RE: usersync and Ranger UI Login

2017-04-19 Thread Jon Morisi
And yes, Ambari. From: Jon Morisi Sent: Wednesday, April 19, 2017 4:55 PM To: user@ranger.apache.org Subject: RE: usersync and Ranger UI Login Sorry typo / misspoke. What I meant was ldap-utils. I am using AD. From: Sailaja Polavarapu [mailto:spolavar...@hortonworks.com] Sent: Wednesday

RE: usersync and Ranger UI Login

2017-04-19 Thread Jon Morisi
Sorry typo / misspoke. What I meant was ldap-utils. I am using AD. From: Sailaja Polavarapu [mailto:spolavar...@hortonworks.com] Sent: Wednesday, April 19, 2017 4:49 PM To: user@ranger.apache.org Subject: Re: usersync and Ranger UI Login Hi Jon, You have OpenLDAP? I thought it is Active

Re: usersync and Ranger UI Login

2017-04-19 Thread Sailaja Polavarapu
-To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" mailto:user@ranger.apache.org>> Date: Wednesday, April 19, 2017 at 3:43 PM To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" mailto:user@ranger.apache.org>> Subject: RE: usersync and Ranger

RE: usersync and Ranger UI Login

2017-04-19 Thread Jon Morisi
@ranger.apache.org Subject: Re: usersync and Ranger UI Login Can you also check what is the value assigned to “ranger.ldap.ad.base.dn”? And is the user logging in using sAMAccountName? From: Jon Morisi mailto:jon.mor...@hsc.utah.edu>> Reply-To: "user@ranger.apache.org<mailto:user@ranger.apache.org&

Re: usersync and Ranger UI Login

2017-04-19 Thread Sailaja Polavarapu
;> Date: Wednesday, April 19, 2017 at 3:19 PM To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" mailto:user@ranger.apache.org>> Subject: RE: usersync and Ranger UI Login Yes, I did. I saw this: https://community.hortonworks.com/questions/21800/can-not-login-

RE: usersync and Ranger UI Login

2017-04-19 Thread Jon Morisi
...@gmail.com] Sent: Wednesday, April 19, 2017 3:36 PM To: user@ranger.apache.org Subject: Re: usersync and Ranger UI Login Hi Jon, Did you setup Ranger Authentication to AD. Here is the doc with steps. https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content

Re: usersync and Ranger UI Login

2017-04-19 Thread Kashif Khan
Hi Jon, Did you setup Ranger Authentication to AD. Here is the doc with steps. https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/configure_ranger_authentication.html Thanks, Kashif On Wed, Apr 19, 2017 at 5:27 PM, Jon Morisi wrote: > Hi, > > I’m currently running H

usersync and Ranger UI Login

2017-04-19 Thread Jon Morisi
Hi, I'm currently running HDP-2.5.3.0 / Ranger - 0.6.0 and have Ranger Usersync setup and running with Active Directory. Is it possible for those AD users that come in from usersync to login to the Ranger Admin UI, or do I need to setup "internal" accounts for Ranger Admin UI access? The reaso