ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Don Bosco Durai <bo...@apache.org>
Subject Re: UserSync with anonymous bind
Date Fri, 17 Mar 2017 21:37:56 GMT
Mugdha, thanks for clarifying.

 

Loïc, anonymous bind is generally not recommended due to security issues. Is it possible
for you create a lookup/bind user? 

 

Thanks

 

Bosco

 

 

From: Mugdha Varadkar <mugdha.varadkar010@gmail.com>
Reply-To: <user@ranger.apache.org>
Date: Friday, March 17, 2017 at 5:12 AM
To: <user@ranger.apache.org>
Cc: <dev@ambari.apache.org>
Subject: Re: UserSync with anonymous bind

 

Hi,

 

Anonymous bind is just a property available on Ambari UI to toggle "Bind User Password" property.
The property is not persisted in any xml config files. Ranger doesn't support LDAP sync with
Anonymous bind DN. The property was added in Ambari-2.2.0 to recommend the same LDAP instance
used by Ambari using Anonymous bind LDAP server.

In Ambari-2.5.0 with stack 2.6, Anonymous bind property won't be available. 
Here is the Apache jira: https://issues.apache.org/jira/browse/AMBARI-19437

 

Thanks,
Mugdha Varadkar

 

On Fri, Mar 17, 2017 at 5:23 AM, Don Bosco Durai <bosco@apache.org> wrote:

Copy’ing Ambari mailing list also. Mugdha or Gautam who worked on the Ambari stack for Ranger
should be able to give more insights.



Bosco





From: Loïc Chanel <loic.chanel@telecomnancy.net>
Reply-To: <user@ranger.apache.org>
Date: Thursday, March 16, 2017 at 7:51 AM
To: <user@ranger.incubator.apache.org>
Subject: UserSync with anonymous bind



Hi fellow Ranger users,



As I was working on user synchronization from a LDAP with anonymous bind to populate Ranger,
I met the same issue as I did almost two years ago : even if I provide Ambari with the property
"Anonymous bind", the property is ignored and either Ambari complains that I didn't provided
Ranger with a password for LDAP bind, or Ranger UserSync doesn't work because of bad credentials
when binding the LDAP. Even more mysterious is the fact that the property cannot be found
in the XML properties files.



At the time I first needed this, I used a manual setting I described in that documentation
( https://cwiki.apache.org/confluence/display/RANGER/Configure+Ranger+UserSync+for+LDAP )
but as the configuration changed (I'm using Ranger 0.5.0 with Ambari 2.2.2.0) it doesn't work
anymore.



Did someone met the same issue ? Is there a workaround/patch ?

Thanks for your help,





Loïc


Loïc CHANEL
System Big Data engineer
MS&T - WASABI - Worldline (Villeurbanne, France)

 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message