All Products
Search
Document Center

E-MapReduce:Integrate RangerUserSync with an LDAP server

Last Updated:Jun 14, 2023

This topic describes how to integrate RangerUserSync with a Lightweight Directory Access Protocol (LDAP) server. After the integration is complete, you can grant access permissions to LDAP users or user groups when you configure Ranger policies.

Prerequisites

A cluster of a version that is earlier than EMR V5.11.0 or EMR V3.45.0 is created, and Ranger is selected for the cluster. For more information about how to create a cluster, see Create a cluster.

Note

For clusters of EMR V5.11.0 or a later minor version and clusters of EMR V3.45.0 or a later minor version, RangerUserSync automatically connects to an LDAP server if OpenLDAP is installed in the cluster. You can search for the ranger.usersync.sync.source configuration item on the Configure tab of the Ranger service page to view the user source (UNIX or LDAP) of RangerUserSync.

Procedure

  1. Go to the Services tab.

    1. Log on to the EMR on ECS console.

    2. In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.

    3. click Services in the Actions column of the cluster that you want to manage.

  2. Enable LDAP authentication for RangerUserSync.

    1. On the Services tab, find Ranger and click Status.

    2. In the Components section, find RangerUserSync, move the pointer over the More icon in the Actions column, and then select enableRangerUserSyncLDAP.

    3. In the dialog box that appears, configure the Execution Reason parameter and click OK.

    4. In the Confirm message, click OK.

  3. Restart RangerUserSync for the configurations to take effect.

    1. On the Services tab, find Ranger and click Status.

    2. In the Components section, find RangerUserSync and click Restart in the Actions column.more

    3. In the dialog box that appears, configure the Execution Reason parameter and click OK.

    4. In the Confirm message, click OK.