-1

In Apache Ranger, when the user info is synced from an LDAP source, will passwords be copied to Ranger? If so, is there any way for Ranger to use LDAP for the authentication?

Mogsdad
user3600073

3 Answers

0

Alright... I found from a Hadoop Summit video that the "User Sync Server" copies user/group data from LDAP/AD to the local Ranger database.

user3600073
0

I don't think Ranger will copy passwords as well. It's better to store passwords in only one place, and AD does not allow you to retrieve any encrypted information from it; it doesn't matter whether you want to or not, you just CAN NOT!

user3593261
0

Yes. Usersync will get all users and groups and will fill them into the corresponding tables. But with respect to passwords, since users from AD/LDAP are external users, passwords are stored as encrypted random-plain texts. So when authentication takes place, it syncs with the LDAP/AD server and, if not matched, checks with the stored (encrypted random-plain text) passwords (which won't match, obviously..!). You can refer to the link below: https://developer.ibm.com/hadoop/2016/08/02/pam-authentication-for-ranger/
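
Added example (not part of the answer above and not Ranger's code): a simplified Python model of the order the last answer describes, directory bind first and local table second, showing that a synced account cannot log in through the local fallback because its stored value comes from a random string. `LocalStore`, `authenticate`, the stub binds, the PBKDF2 hashing and all sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def _digest(password, salt):
    # PBKDF2 is a stand-in; the page does not say how Ranger protects stored values.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class LocalStore:
    """Constructed stand-in for the local Ranger user table."""
    def __init__(self):
        self._users = {}

    def add_internal(self, name, password):
        salt = secrets.token_bytes(16)
        self._users[name] = (salt, _digest(password, salt))

    def sync_external(self, name):
        # Usersync copies the account, not the directory password: the stored
        # value is derived from a random string that is never kept or shown.
        self.add_internal(name, secrets.token_urlsafe(32))

    def check(self, name, password):
        if name not in self._users:
            return False
        salt, stored = self._users[name]
        return hmac.compare_digest(stored, _digest(password, salt))

def authenticate(name, password, ldap_bind, store):
    """Directory first, then the local table, in the order the answer gives."""
    try:
        if ldap_bind(name, password):
            return "ldap"
    except ConnectionError:
        pass  # directory unreachable: fall through to the local check
    return "local" if store.check(name, password) else None

DIRECTORY = {"alice": "S3cret-in-AD"}  # constructed sample directory entry

def ldap_up(name, password):
    return DIRECTORY.get(name) == password  # stub for a real LDAP bind

def ldap_down(name, password):
    raise ConnectionError("directory unreachable")

def build_store():
    store = LocalStore()
    store.add_internal("admin", "local-admin-pw")  # constructed local account
    store.sync_external("alice")
    return store
```

In this model a directory outage locks out synced users while a locally created account still authenticates, which is the behaviour to plan for when deciding which accounts stay internal.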