varunrao / aws-blog-emr-ranger

Repo for Amazon EMR and Apache Ranger Integration

ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getUsers() failed with exception: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090442, comment: AcceptSecurityContext error, data 52e, v3839]; remaining name #2

Closed suryadevarauday closed 4 years ago

suryadevarauday commented 4 years ago

Hi Varun, I am seeing this error:

08 Apr 2020 15:50:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder initialization completed with -- ldapUrl: ldap://10.85.2.56, ldapBindDn: CN=rangerldap-stg,OU=staging,DC=emrad,DC=local, ldapBindPassword: **** , ldapAuthenticationMechanism: simple, searchBase: DC=emrad,DC=local, userSearchBase: [DC=emrad,DC=local], userSearchScope: 2, userObjectClass: person, userSearchFilter: sAMAccountName=, extendedUserSearchFilter: null, userNameAttribute: sAMAccountName, userSearchAttributes: [uSNChanged, sAMAccountName, memberof, ismemberof, modifytimestamp], userGroupNameAttributeSet: [memberof, ismemberof], pagedResultsEnabled: true, pagedResultsSize: 500, groupSearchEnabled: false, groupSearchBase: [DC=emrad,DC=local], groupSearchScope: 2, groupObjectClass: groupofnames, groupSearchFilter: , extendedGroupSearchFilter: (&null(|(member={0})(member={1}))), extendedAllGroupsSearchFilter: null, groupMemberAttributeName: member, groupNameAttribute: cn, groupSearchAttributes: [uSNChanged, member, cn, modifytimestamp], groupUserMapSyncEnabled: false, groupSearchFirstEnabled: false, userSearchEnabled: true, ldapReferral: ignore
08 Apr 2020 15:50:38 INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group from source==>sink
08 Apr 2020 15:50:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started
08 Apr 2020 15:50:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Performing user search first
08 Apr 2020 15:50:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedUserSearchFilter = (&(objectclass=person)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z))(sAMAccountName=*))
08 Apr 2020 15:50:38 ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getUsers() failed with exception: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090442, comment: AcceptSecurityContext error, data 52e, v3839]; remaining name 'DC=emrad,DC=local'
08 Apr 2020 15:50:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getUsers() user count: 0
08 Apr 2020 15:50:40 INFO UnixAuthenticationService [main] - Enabling Unix Auth Service!
08 Apr 2020 15:50:40 WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401.
08 Apr 2020 15:50:40 INFO UserGroupSync [UnixUserSyncThread] - End: initial load of user/group from source==>sink
08 Apr 2020 15:50:40 INFO UserGroupSync [UnixUserSyncThread] - Done initializing user/group source and sink
08 Apr 2020 15:50:40 ERROR UnixAuthenticationService [main] - ERROR: Service: UnixAuthenticationService
java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:783)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
    at java.security.KeyStore.load(KeyStore.java:1445)
    at org.apache.ranger.authentication.UnixAuthenticationService.startService(UnixAuthenticationService.java:227)
    at org.apache.ranger.authentication.UnixAuthenticationService.run(UnixAuthenticationService.java:114)
    at org.apache.ranger.authentication.UnixAuthenticationService.main(UnixAuthenticationService.java:99)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:781)
    ... 7 more
08 Apr 2020 15:50:40 INFO UnixAuthenticationService [main] - Service: UnixAuthenticationService - STOPPED.
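As an added triage helper (not part of this repo or the thread), a small Python parser for the usersync log lines quoted above: it picks out the LDAP bind failure and decodes the Active Directory "data" sub-code (52e is invalid credentials, i.e. the bind DN or password is wrong), and also flags the Ranger 401 and the keystore password error. The sample log is constructed from the lines in the comment.

```python
import re

# Constructed sample: the failing lines quoted in the issue comment above.
SAMPLE_LOG = """\
08 Apr 2020 15:50:38 ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getUsers() failed with exception: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090442, comment: AcceptSecurityContext error, data 52e, v3839]; remaining name 'DC=emrad,DC=local'
08 Apr 2020 15:50:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getUsers() user count: 0
08 Apr 2020 15:50:40 WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401.
08 Apr 2020 15:50:40 ERROR UnixAuthenticationService [main] - ERROR: Service: UnixAuthenticationService java.io.IOException: Keystore was tampered with, or password was incorrect
"""

# Active Directory sub-codes carried in the "data NNN" field of an LDAP error 49 (bind failure).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad bind DN or password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

LDAP49_RE = re.compile(r"LDAP: error code 49 .*?data ([0-9a-fA-F]{3})")
KEYSTORE_RE = re.compile(r"Keystore was tampered with, or password was incorrect")
RANGER401_RE = re.compile(r"Credentials response from ranger is 401")


def triage(log_text):
    """Return (line_no, finding) pairs for authentication-related failures in a usersync log."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LDAP49_RE.search(line)
        if m:
            # The bind itself failed: decode the AD sub-code so the operator knows
            # whether to look at the DN/password, the account state, or a lockout.
            sub = m.group(1).lower()
            reason = AD_BIND_SUBCODES.get(sub, "unknown sub-code")
            findings.append((n, "ldap-bind-failed:%s:%s" % (sub, reason)))
        elif KEYSTORE_RE.search(line):
            # JKS load failed: the keystore password in the Ranger config does not match.
            findings.append((n, "keystore-password-mismatch"))
        elif RANGER401_RE.search(line):
            # Ranger Admin rejected the usersync service credentials.
            findings.append((n, "ranger-admin-rejected-usersync-credentials"))
    return findings


if __name__ == "__main__":
    for line_no, finding in triage(SAMPLE_LOG):
        print("line %d: %s" % (line_no, finding))
```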

suryadevarauday commented 4 years ago

I was able to resolve it with a couple of things on Amazon Linux (ami-14c5486b).

The original issue was that I cloned from the EMR master instance and installed Ranger from the EMR master AMI. I am using NonKerb and an AD server, and I had to modify a few things in the script install-ranger-admin-server-new.sh (I am not using ldap_admin_user & ldap_admin_password).

Enabled:

ldap_sync_user_search_base=$9
sudo sed -i "s|SYNC_LDAP_USER_SEARCH_BASE =.*|SYNC_LDAP_USER_SEARCH_BASE=$ldap_sync_user_search_base|g" install.properties

Disabled:

ldap_admin_user=$9

ldap_admin_password=${10}

./create-users-using-ldap.sh $ldap_ip_address $ldap_admin_user $ldap_admin_password $ldap_base_dn || true

sh installranger.sh DC=emrad,DC=local CN=rangerldap-stg,OU=staging,DC=emrad,DC=local <AD> 2.0 s3://**/aws-blog-emr-knox DBRDS-mysql <RDS**> CN=Users,DC=emrad,DC=local