Ranger UI AD integration - stanislawbartkowski/hdpactivedirectory GitHub Wiki

Ranger UI AD authentication

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.5/configuring-ranger-authe-with-unix-ldap-ad/content/ranger_ad_integration_ranger_ui_authentication.html

Ranger AD synchronization: https://github.com/stanislawbartkowski/hdpactivedirectory/wiki/Ranger

Ranger AD synchronization can be extended to the Ranger Web UI. AD users already imported into Ranger can then log in to the Ranger UI using AD authentication.

Prepare truststore for secure AD/LDAPS connection

Collect necessary data

| Data | Sample value |
|---|---|
| AD certificate file name | /etc/openldap/adroot.crt |
| Ranger UI truststore file name | /etc/ranger/admin/conf/ranger-admin-keystore.jks (default) |
| Ranger UI truststore password | ***** |
| Ranger UI truststore alias | trustStoreAlias (default) |

keytool -import -file /etc/openldap/adroot.crt -alias trustStoreAlias -keystore /etc/ranger/admin/conf/ranger-admin-keystore.jks

Verify the truststore

keytool -list -keystore /etc/ranger/admin/conf/ranger-admin-keystore.jks

Enter keystore password:  
Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

truststorealias, Apr 2, 2020, trustedCertEntry, 
Certificate fingerprint (SHA1): 67:E2:01:ED:36:1C:1F:4B:AA:2C:B5:07:D1:92:E6:5E:B3:70:ED:8E
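
The listing above shows the alias stored as truststorealias, although it was imported as trustStoreAlias. As an added example (not part of the original wiki), the shell function below checks `keytool -list` output for a given alias and certificate fingerprint, comparing the alias case-insensitively; the function names are this example's own and the embedded sample is the listing shown above.

```shell
#!/bin/sh
# Added example: confirm that `keytool -list` output contains the expected
# AD root certificate under the expected alias.

# Strip colons/whitespace and upper-case, so fingerprints compare in any notation.
norm_fp() {
    printf '%s' "$1" | tr -d ': \r\n' | tr '[:lower:]' '[:upper:]'
}

# check_truststore ALIAS EXPECTED_FINGERPRINT   (keytool -list output on stdin)
# Returns 0 = alias is a trustedCertEntry with that fingerprint,
#         1 = alias present but fingerprint differs,
#         2 = alias missing or not a trustedCertEntry.
check_truststore() {
    # The listing shows the alias in lower case (trustStoreAlias -> truststorealias),
    # so the alias is compared case-insensitively.
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    got=$(awk -v a="$want" '
        hit && /^Certificate fingerprint/ { sub(/^[^:]*: */, ""); print; exit }
        { hit = 0 }
        /trustedCertEntry/ { split($0, f, ","); if (tolower(f[1]) == a) hit = 1 }
    ')
    [ -n "$got" ] || return 2
    [ "$(norm_fp "$got")" = "$(norm_fp "$2")" ] || return 1
    return 0
}

# Sample input: the listing shown on this page.
sample_list() {
    cat <<'EOF'
Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

truststorealias, Apr 2, 2020, trustedCertEntry, 
Certificate fingerprint (SHA1): 67:E2:01:ED:36:1C:1F:4B:AA:2C:B5:07:D1:92:E6:5E:B3:70:ED:8E
EOF
}

# Real use: pipe the page's `keytool -list -keystore ...` command into
# check_truststore, with the fingerprint obtained from the AD administrator.
EXPECTED='67:E2:01:ED:36:1C:1F:4B:AA:2C:B5:07:D1:92:E6:5E:B3:70:ED:8E'
if sample_list | check_truststore trustStoreAlias "$EXPECTED"; then
    echo "truststore entry matches expected certificate"
else
    echo "truststore check failed" >&2
fi
```

A return code of 1 means the truststore holds a different certificate under that alias than the one you expected to trust for the LDAPS connection.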

Ranger->Configs->Advanced->Advanced ranger-admin-site: if defaults are used, only the password should be changed.

Ranger UI AD authentication

Collect necessary data

| Data | Sample value |
|---|---|
| AD URL | {{ranger_ug_ldap_url}}, default, the same URL as Ranger user/group integration |
| AD Bind DN | {{ranger_ug_ldap_bind_dn}}, default, reuse the same bind user |
| AD Bind Password | ***, password for AD bind user, should be provided again |
| Domain Name (Only for AD) | FYRE.NET |
| AD Base DN, AD/LDAP base DN to search users | CN=centos,DC=fyre,DC=net |
| AD User Search Filter | default (sAMAccountName={0}) |

Ranger->Configs->Advanced->AD settings: if defaults are used, only AD Bind Password, Domain Name and AD Base DN should be updated.

Troubleshooting

Browse through /var/log/ranger/admin/xa_portal.log

To make the log more verbose, increase the log granularity in the Ranger->Configs->Advanced->Advanced admin-log4j panel.