Hi Nixon, I had resolved finally with Hadoop UGI. As I said before, LDAP option has group config, I don´t understand why AD hasn´t.
https://github.com/apache/atlas/blob/master/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java http://atlas.apache.org/Authentication-Authorization.html Thank you, Regards. 2018-02-27 17:19 GMT+01:00 Nixon Rodrigues < [email protected]>: > Hi Jorge, > > Not all AD / open ldap server returns groups along with the user, therefore > Atlas by default try to read the groups > > from hadoop UGI. Ldap usergroups can be synced in Hadoop-UGi by configuring > the hadoop core-site.xml > > I am not completely sure but if your AD with configured correctly to return > group you can try setting below property and check > > *atlas.authentication.method.ldap.ugi-groups = false* > > https://github.com/apache/atlas/blob/master/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java#L136 > > Hope this helps > > Nixon > > > > On Tue, Feb 27, 2018 at 8:07 PM, Jorge Bueno Magdalena < > [email protected]> wrote: > >> Hi all, >> >> According to http://atlas.apache.org/Authentication-Authorization.html, >> in LDAP I can use group parameteres but no for AD. ¿how can I use Active >> Directory groups in Apache Atlas? >> >> I am using Ranger for giving authorizations. It works for users but no >> for groups. >> In the logs I have seen that Atlas try to get groups with "id user". Why >> doesn´t Atlas look for in Active Directory instead of the OS? >> >> I understand I can have a workaround, setting that in OS. But, is it >> possible with Atlas and Active Directory? >> >> Thank you so much >> >> Regards. >> > >
