All Products
Search

This Product

    E-MapReduce:FAQ

    Document Center

    E-MapReduce:FAQ

    Last Updated:Mar 26, 2026

    Apache Ranger frequently asked questions for E-MapReduce (EMR).

    Why does RangerUserSync fail to sync Linux or LDAP users?

    Affected versions: EMR V3.23.0 and earlier.

    To fix the issue, enable UserSync manually:

    1. Log in to the emr-header-1 node of your cluster.

    2. Open /etc/ecm/ranger-usersync-conf/ranger-ugsync-site.xml and set ranger.usersync.enabled to true.

    3. In the EMR console, go to the Ranger service page, click the Status tab, find RangerUserSync in the Components section, and click Restart.

    How do I sync Unix users to the Ranger web UI policy?

    EMR clusters support syncing either Lightweight Directory Access Protocol (LDAP) users or Unix users to the Ranger web UI policy — not both simultaneously. Follow the steps for your cluster configuration.

    Sync Unix users without OpenLDAP

    1. On the master node, add the user:

      sudo adduser <username>

    2. In the EMR console, go to the Ranger service page, click the Status tab, find RangerUserSync in the Components section, and click Restart. The new user is synced to the Ranger web UI policy automatically.

    3. Verify the result:

      1. Open the Ranger web UI. For details, see Access the web UIs of open source components in the EMR console.

      2. In the top navigation bar, choose Settings > Users/Groups/Roles.

      3. On the Users tab, confirm the user you added appears in the list. image

    Sync Unix users with OpenLDAP

    When OpenLDAP is deployed, Ranger syncs LDAP users by default. To switch to Unix user sync, update the Ranger parameters:

    1. On the master node, add the user:

      sudo adduser <username>

    2. On the Ranger service page in the EMR console, click the Configure tab and update the following parameters:

      Parameter Value
      ranger.usersync.sync.source unix
      ranger.usersync.source.impl.class org.apache.ranger.unixusersync.process.UnixUserGroupBuilder

    3. Save the configuration and restart Ranger. The new user is synced to the Ranger web UI policy automatically.

    4. Verify the result:

      1. Open the Ranger web UI. For details, see Access the web UIs of open source components in the EMR console.

      2. In the top navigation bar, choose Settings > Users/Groups/Roles.

      3. On the Users tab, confirm the user you added appears in the list. image