Changing the Ranger Data Source to LDAP for a Normal Cluster
By default, the Ranger data source of the security cluster can be accessed by FusionInsight Manager LDAP users. By default, the Ranger data source of a common cluster can be accessed by Unix users.
Prerequisites
- The cluster is in normal mode.
- The Ranger component has been installed.
Procedure
- Log in to the MRS console.
- Choose Clusters > Active Clusters, select a running cluster, and click its name to go to its details page.
- Click the Nodes tab. On the Nodes tab page that is displayed, expand the node group whose Node Type is Master.
- Go to the ECS page of the active master node and click Remote Login.
- Log in to a master node as user root, go to the ${BIGDATA_HOME}/components/FusionInsight_HD_8.1.0.1/Ranger directory, and change the values of ranger.usersync.sync.source and ranger.usersync.cookie.enabled in the configurations.xml file to ldap and false, respectively.
<name>ranger.usersync.sync.source</name> <value model="Sec">ldap</value> <value model="NoSec">ldap</value>
<name>ranger.usersync.cookie.enabled</name> <value>false</value>
Change the value of this parameter on all master nodes.
- Run the following commands on the active Master node to restart the controller process:
su - omm
sh /opt/Bigdata/om-server_8.1.0.1/om/sbin/restart-controller.sh
During controller restart, Manager becomes inaccessible temporarily. After the restart is complete, Manager can be accessed properly.
- Log in to FusionInsight Manager and choose Cluster > Services > Ranger. In the upper right corner of the Dashboard page, click More and choose Synchronize Configuration.
- On the Ranger instance page, select the UserSync instance and choose More > Restart Instance.
- On the Dashboard page of the Ranger service, click RangerAdmin and choose Settings > Users/Groups/Roles to check whether LDAP users exist.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot