All Products
Search

This Product

    E-MapReduce:FAQ

    Document Center

    E-MapReduce:FAQ

    Last Updated:Apr 02, 2025

    This topic provides answers to some frequently asked questions about Ranger.

    Why does Ranger UserSync fail to synchronize information about Linux or LDAP users?

    • Cause: In most cases, this issue occurs in a cluster of E-MapReduce (EMR) V3.23.0 or an earlier minor version.

    • Solution: Log on to the emr-header-1 node of your cluster and change the value of the ranger.usersync.enabled parameter in the /etc/ecm/ranger-usersync-conf/ranger-ugsync-site.xml configuration file to true. Then, restart the RangerUserSync component in the EMR console.

    How do I synchronize information about Unix users to the policy configured in the Ranger web UI?

    You cannot synchronize information about Lightweight Directory Access Protocol (LDAP) users and Unix users in an EMR cluster to the policy configured in the Ranger web UI at the same time. If you want to synchronize information about Unix users in an EMR cluster to Ranger, you can use one of the following methods to add Unix users to the policy configured in the Ranger web UI based on whether the OpenLDAP service is deployed in the cluster.

    Scenario 1: Synchronize information about Unix users when the OpenLDAP service is not deployed in an EMR cluster

    1. Run the following command on the master node of the desired EMR cluster to add a user: 

      sudo adduser <username>

    2. In the Components section of the Status tab of the Ranger service page in the EMR console, find the RangerUserSync component and click Restart in the Actions column. The information about the added user will be synchronized to the policy configured in the Ranger web UI.

    3. View the synchronization result.

      1. Access the Ranger web UI. For more information, see Access the web UIs of open source components in the EMR console.

      2. In the top navigation bar, choose Settings > Users/Groups/Roles.

      3. On the Users tab, check whether the added Unix user exists.

        The following figure shows that the test user added in Step 1 exists.

        image

    Scenario 2: Synchronize information about Unix users when the OpenLDAP service is deployed in an EMR cluster

    By default, if the OpenLDAP service is deployed in an EMR cluster, information about LDAP users is synchronized to the policy configured in the Ranger web UI. In this case, you must manually modify the parameters of Ranger to allow synchronization of the information about Unix users. Procedure:

    1. Run the following command on the master node of the desired EMR cluster to add a user: 

      sudo adduser <username>

    2. On the Configure tab of the Ranger service page in the EMR console, search for and modify the following parameters:

      • ranger.usersync.sync.source: Set the parameter to unix.

      • ranger.usersync.source.impl.class: Set the parameter to org.apache.ranger.unixusersync.process.UnixUserGroupBuilder.

    3. Save the configurations and restart Ranger. The information about the added user will be synchronized to the policy configured in the Ranger web UI.

    4. View the synchronization result.

      1. Access the Ranger web UI. For more information, see Access the web UIs of open source components in the EMR console.

      2. In the top navigation bar, choose Settings > Users/Groups/Roles.

      3. On the Users tab, check whether the added Unix user exists.

        The following figure shows that the test user added in Step 1 exists.

        image