ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mugdha Varadkar <mugdha.varadkar...@gmail.com>
Subject Re: UserSync with anonymous bind
Date Fri, 17 Mar 2017 12:12:10 GMT
Hi,

Anonymous bind is just a property available on Ambari UI to toggle "Bind
User Password" property. The property is not persisted in any xml config
files. Ranger doesn't support LDAP sync with Anonymous bind DN. The
property was added in Ambari-2.2.0 to recommend the same LDAP instance used
by Ambari using Anonymous bind LDAP server.

In Ambari-2.5.0 with stack 2.6, Anonymous bind property won't be available.
Here is the Apache jira: https://issues.apache.org/jira/browse/AMBARI-19437

Thanks,
Mugdha Varadkar

On Fri, Mar 17, 2017 at 5:23 AM, Don Bosco Durai <bosco@apache.org> wrote:

> Copy’ing Ambari mailing list also. Mugdha or Gautam who worked on the
> Ambari stack for Ranger should be able to give more insights.
>
>
>
> Bosco
>
>
>
>
>
> From: Loïc Chanel <loic.chanel@telecomnancy.net>
> Reply-To: <user@ranger.apache.org>
> Date: Thursday, March 16, 2017 at 7:51 AM
> To: <user@ranger.incubator.apache.org>
> Subject: UserSync with anonymous bind
>
>
>
> Hi fellow Ranger users,
>
>
>
> As I was working on user synchronization from a LDAP with anonymous bind
> to populate Ranger, I met the same issue as I did almost two years ago :
> even if I provide Ambari with the property "Anonymous bind", the property
> is ignored and either Ambari complains that I didn't provided Ranger with a
> password for LDAP bind, or Ranger UserSync doesn't work because of bad
> credentials when binding the LDAP. Even more mysterious is the fact that
> the property cannot be found in the XML properties files.
>
>
>
> At the time I first needed this, I used a manual setting I described in
> that documentation ( https://cwiki.apache.org/confluence/display/RANGER/
> Configure+Ranger+UserSync+for+LDAP ) but as the configuration changed
> (I'm using Ranger 0.5.0 with Ambari 2.2.2.0) it doesn't work anymore.
>
>
>
> Did someone met the same issue ? Is there a workaround/patch ?
>
> Thanks for your help,
>
>
>
>
>
> Loïc
>
>
> Loïc CHANEL
> System Big Data engineer
> MS&T - WASABI - Worldline (Villeurbanne, France)
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message