Hi! I am trying to solve this for a while, but with no luck so far. I managed to set up the usersync plugin with ldap (and without kerberos) and after starting it the initial users are showing up on Ranger, but all the upcoming hourly syncs are failing with the following error, which is a bit misleading since it is just a warning: ------------------------------------------------------------------------------------------------------------------------------- WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401. -------------------------------------------------------------------------------------------------------------------------------
I enabled debug logs to get a clearer picture, but what is odd that at the beginning my credentials are still valid and a new ranger cookie will be created for the initial sync, but for the next hour something happens. Here are the first couple of lines from the initial sync: ------------------------------------------------------------------------------------------------------------------------------- INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group from source==>sink INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Performing user search first INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedUserSearchFilter = (&(objectclass=person)(|(uSNChanged>=0)(modifyTimestamp>=19700101000000Z))) INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal = 5564and currentDeltaSyncTime = 5564 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - INFO: addPMAccount(awsadmind-906714de98) DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==> LdapPolicyMgrUserGroupBuilder.getMUser() DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==> LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity() DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==> LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred() DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - USER GROUP MAPPING{"loginId":"awsadmind-906714de98","firstName":"awsadmind-906714de98","lastName":"awsadmind-906714de98","userRoleList":[null],"otherA ttributes":"{}"} INFO LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - valid cookie saved ------------------------------------------------------------------------------------------------------------------------------- And these are the logs for an upcoming hour: ------------------------------------------------------------------------------------------------------------------------------- INFO UserGroupSync [UnixUserSyncThread] - Begin: update user/group from source==>sink INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Performing user search first INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedUserSearchFilter = (&(objectclass=person)(|(uSNChanged>=5631)(modifyTimestamp>=19700101000005Z))) INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal = 5564and currentDeltaSyncTime = 5564 DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - INFO: addPMAccount(awsadmind-906714de98) DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==> LdapPolicyMgrUserGroupBuilder.getMUser() DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==> LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity() DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==> LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred() DEBUG LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - USER GROUP MAPPING{"loginId":"awsadmind-906714de98","firstName":"awsadmind-906714de98","lastName":"awsadmind-906714de98","userRoleList":[null],"otherA ttributes":"{}"} WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401. ------------------------------------------------------------------------------------------------------------------------------- Could you help figure this out? I am happy to share more details if necessary. Thanks, Geri