Hi!
I am trying to solve this for a while, but with no luck so far. I managed
to set up the usersync plugin with ldap (and without kerberos) and after
starting it the initial users are showing up on Ranger, but all the
upcoming hourly syncs are failing with the following error, which is a bit
misleading since it is just a warning:
-------------------------------------------------------------------------------------------------------------------------------
WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials
response from ranger is 401.
-------------------------------------------------------------------------------------------------------------------------------
I enabled debug logs to get a clearer picture, but what is odd that at the
beginning my credentials are still valid and a new ranger cookie will be
created for the initial sync, but for the next hour something happens. Here
are the first couple of lines from the initial sync:
-------------------------------------------------------------------------------------------------------------------------------
INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group
from source==>sink
INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
LdapDeltaUserGroupBuilder updateSink started
INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Performing user
search first
INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
extendedUserSearchFilter =
(&(objectclass=person)(|(uSNChanged>=0)(modifyTimestamp>=19700101000000Z)))
INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal =
5564and currentDeltaSyncTime = 5564
DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - INFO:
addPMAccount(awsadmind-906714de98)
DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==>
LdapPolicyMgrUserGroupBuilder.getMUser()
DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==>
LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==>
LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()
DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - USER GROUP
MAPPING{"loginId":"awsadmind-906714de98","firstName":"awsadmind-906714de98","lastName":"awsadmind-906714de98","userRoleList":[null],"otherA
ttributes":"{}"}
INFO LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - valid cookie saved
-------------------------------------------------------------------------------------------------------------------------------
And these are the logs for an upcoming hour:
-------------------------------------------------------------------------------------------------------------------------------
INFO UserGroupSync [UnixUserSyncThread] - Begin: update user/group from
source==>sink
INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
LdapDeltaUserGroupBuilder updateSink started
INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Performing user
search first
INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
extendedUserSearchFilter =
(&(objectclass=person)(|(uSNChanged>=5631)(modifyTimestamp>=19700101000005Z)))
INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal =
5564and currentDeltaSyncTime = 5564
DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - INFO:
addPMAccount(awsadmind-906714de98)
DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==>
LdapPolicyMgrUserGroupBuilder.getMUser()
DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==>
LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==>
LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()
DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - USER GROUP
MAPPING{"loginId":"awsadmind-906714de98","firstName":"awsadmind-906714de98","lastName":"awsadmind-906714de98","userRoleList":[null],"otherA
ttributes":"{}"}
WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials
response from ranger is 401.
-------------------------------------------------------------------------------------------------------------------------------
Could you help figure this out? I am happy to share more details if
necessary.
Thanks,
Geri
