Dilli,

Sorry for answering this late, but yes, that is actually exactly what I want to do, and no matter what its configuration is, Ranger UserSync keeps returning the same error I talked about in my first email.

As I know this Handshake exception is often linked to certificate issues, I triple-checked that LDAP certificates are in the certificates trusted by Java, but it seems that the error persists.

Do you have an idea about where it might come from?

Thanks,

Loïc

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne

2015-06-09 21:36 GMT+02:00 Dilli Arumugam <[email protected]>:

> Assuming your users are in LDAP, what you need to do is:
> Make sure Ranger UserSync and NameNode ldap group mapping provider point to the same LDAP.
>
> Please see the following for some help.
> http://hortonworks.com/blog/hadoop-groupmapping-ldap-integration/
>
> Thanks
> Dilli
>
> From: Loïc Chanel <[email protected]>
> Reply-To: "[email protected]" <[email protected]>
> Date: Tuesday, June 9, 2015 8:29 AM
> To: "[email protected]" <[email protected]>
> Subject: Re: Issues with UserSync
>
> Hi Dilli,
>
> First of all, thanks for answering so fast.
>
> Actually, I would like to have some synchronization between RangerAdmin UI and NameNode users, in order to manage Users and authorizations directly from RangerAdmin UI.
>
> Is it possible somehow via Ranger UserSync?
>
> Thanks,
>
> Loïc
>
> Loïc CHANEL
> Engineering student at TELECOM Nancy
> Trainee at Worldline - Villeurbanne
>
> 2015-06-09 17:18 GMT+02:00 Dilli Arumugam <[email protected]>:
>
>> Please note that user/group mapping that you see in RangerAdmin UI is only used for policy definition time.
>> At policy enforcement time, user group membership is computed by NameNode based on group mapping provider defined in NameNode.
>>
>> You can check what NameNode sees as groups that a user belongs to by issuing command
>>
>>     hdfs groups sam
>>
>> Sam is sample username here.
>> You would use your username in its place.
>>
>> Thanks
>> Dilli
>>
>> From: Loïc Chanel <[email protected]>
>> Reply-To: "[email protected]" <[email protected]>
>> Date: Tuesday, June 9, 2015 7:39 AM
>> To: "[email protected]" <[email protected]>
>> Subject: Issues with UserSync
>>
>> Hi All,
>>
>> As I am using Ranger with Unix authentication to manage the security of HDFS on my cluster, I could not help but notice that even if I add users to groups in the Ranger console, Ranger cannot find to which groups they belong, and therefore does not authorize them to perform actions they should be able to do.
>>
>> As I thought this issue came from UserSync, I noticed that in its logs the following exception is printed every minute:
>>
>> ERROR PasswordValidator [Thread-22] - Response [FAILED: unable to validate due to error javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake] for user: null
>> javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
>>     at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
>>     at sun.security.ssl.AppInputStream.read(Unknown Source)
>>     at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)
>>     at sun.nio.cs.StreamDecoder.implRead(Unknown Source)
>>     at sun.nio.cs.StreamDecoder.read(Unknown Source)
>>     at java.io.InputStreamReader.read(Unknown Source)
>>     at java.io.BufferedReader.fill(Unknown Source)
>>     at java.io.BufferedReader.readLine(Unknown Source)
>>     at java.io.BufferedReader.readLine(Unknown Source)
>>     at com.xasecure.authentication.PasswordValidator.run(PasswordValidator.java:58)
>>     at java.lang.Thread.run(Unknown Source)
>> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>>     at sun.security.ssl.InputRecord.read(Unknown Source)
>>     ... 13 more
>>
>> As this is usually the sign of a missing certificate, I ensured the certificate corresponding to Unix authentication (<host>:5151) is in the Java truststore and restarted the NameNode and Ranger, but nothing changed.
>>
>> When looking a little bit more into RangerAdmin and RangerUserSync logs, it seems that RangerAdmin is the source of the problem, closing the connection before the handshake is fully established, but I have no idea about how to correct it.
>>
>> Did someone encounter this error too? Did I miss something?
>>
>> Thanks in advance for your help,
>>
>> Loïc
>>
>> Loïc CHANEL
>> Engineering student at TELECOM Nancy
>> Trainee at Worldline - Villeurbanne
