This integration connects RangerUserSync to a Lightweight Directory Access Protocol (LDAP) server so you can reference LDAP users and user groups in Ranger policies for fine-grained access control across your EMR cluster.
This procedure applies only to clusters running a version earlier than EMR V5.11.0 or EMR V3.45.0. For clusters of EMR V5.11.0 or a later minor version and clusters of EMR V3.45.0 or a later minor version, RangerUserSync automatically connects to the LDAP server if OpenLDAP is installed in the cluster. To confirm the user source, search for the ranger.usersync.sync.source configuration item on the Configure tab of the Ranger service page. The value is either UNIX or LDAP.
Prerequisites
Before you begin, ensure that you have:
A cluster running a version earlier than EMR V5.11.0 or EMR V3.45.0, with both Ranger and OpenLDAP selected as cluster services. For instructions, see Create a cluster.
Enable LDAP authentication for RangerUserSync
Log on to the EMR console. In the left-side navigation pane, click EMR on ECS.
In the top navigation bar, select the region where your cluster resides, and select a resource group.
On the EMR on ECS page, find the target cluster and click Services in the Actions column.
On the Services tab, find Ranger and click Status.
In the Components section, find RangerUserSync, move the pointer over the icon in the Actions column, and then select enableRangerUserSyncLDAP.
In the dialog box that appears, configure the Execution Reason parameter and click OK.
In the Confirm message, click OK.
Restart RangerUserSync
Restart RangerUserSync to apply the configuration changes.
On the Services tab, find Ranger and click Status.
In the Components section, find RangerUserSync and click Restart in the Actions column.
In the dialog box that appears, configure the Execution Reason parameter and click OK.
In the Confirm message, click OK.