Hi Jorge, Not all AD / open ldap server returns groups along with the user, therefore Atlas by default try to read the groups
from hadoop UGI. Ldap usergroups can be synced in Hadoop-UGi by configuring the hadoop core-site.xml I am not completely sure but if your AD with configured correctly to return group you can try setting below property and check *atlas.authentication.method.ldap.ugi-groups = false* https://github.com/apache/atlas/blob/master/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java#L136 Hope this helps Nixon On Tue, Feb 27, 2018 at 8:07 PM, Jorge Bueno Magdalena < [email protected]> wrote: > Hi all, > > According to http://atlas.apache.org/Authentication-Authorization.html, > in LDAP I can use group parameteres but no for AD. ¿how can I use Active > Directory groups in Apache Atlas? > > I am using Ranger for giving authorizations. It works for users but no for > groups. > In the logs I have seen that Atlas try to get groups with "id user". Why > doesn´t Atlas look for in Active Directory instead of the OS? > > I understand I can have a workaround, setting that in OS. But, is it > possible with Atlas and Active Directory? > > Thank you so much > > Regards. >
