準備環境
搭建LDAP參考:https://blog.csdn.net/Happy_Sunshine_Boy/article/details/102806684
搭建好ldap服務之後,查看slapd服務端口
LDAP配置
配置參考:https://blog.csdn.net/Happy_Sunshine_Boy/article/details/102895967
Ranger配置
-- COMMON CONFIGS:
Sync Source:LDAP/AD # 同步用戶源
ranger.usersync.source.impl.class=org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
ranger.usersync.ldap.url=ldap://workerhd.bigdata:389 -- COMMON CONFIGS: LDAP/AD URL
ranger.usersync.ldap.binddn=cn=admin,dc=yaobili,dc=com -- COMMON CONFIGS:Bind User
ranger.usersync.ldap.bindpassword=123456 -- COMMON CONFIGS:Bind User Password # 綁定用戶密碼(123456 屬弱密碼,實際部署應換成強密碼)
ranger.usersync.ldap.deltasync=false -- COMMON CONFIGS:Incremental Sync # 增量同步
ranger.usersync.ldap.starttls=false -- COMMON CONFIGS:Enable LDAP STARTTLS # 是否啓用 LDAP STARTTLS 加密;此處設成 false 且 URL 使用 ldap://(389 端口),連線不加密,簡單綁定(simple bind)的密碼會以明文傳輸
-- USER CONFIGS
ranger.usersync.ldap.user.nameattribute=uid -- USER CONFIGS:Username Attribute # 用戶名屬性
ranger.usersync.ldap.user.objectclass=person -- USER CONFIGS:User Object Class # 用戶對象類
ranger.usersync.ldap.user.searchbase=dc=yaobili,dc=com -- USER CONFIGS:User Search Base # 用戶搜索基準 DN
ranger.usersync.ldap.user.searchfilter=(member=cn=ranger,cn=groups,cn=compat,dc=yaobili,dc=com)
-- USER CONFIGS:User Search Filter # 用戶搜索過濾器
ranger.usersync.ldap.user.searchscope=sub -- USER CONFIGS:User Search Scope # 用戶搜索範圍
ranger.usersync.ldap.user.groupnameattribute=member -- USER CONFIGS:User Group Name Attribute # 用戶組名屬性
ranger.usersync.group.usermapsyncenabled=true -- USER CONFIGS:Group User Map Sync # 組用戶映射同步
ranger.usersync.user.searchenabled=false -- USER CONFIGS:Enable User Search # 啓用用戶搜索
-- GROUP CONFIGS
ranger.usersync.group.searchenabled=true -- GROUP CONFIGS:Enable Group Sync # 開啓組同步
ranger.usersync.group.memberattributename=member -- GROUP CONFIGS:Group Member Attribute # 組成員屬性
ranger.usersync.group.nameattribute=cn -- GROUP CONFIGS:Group Name Attribute # 組名屬性
ranger.usersync.group.objectclass=posixGroup -- GROUP CONFIGS:Group Object Class # 用戶組對象類
ranger.usersync.group.searchbase=cn=groups,cn=accounts,dc=yaobili,dc=com
-- GROUP CONFIGS:Group Search Base # 組搜索基準 DN
ranger.usersync.group.searchfilter=(cn=ranger) -- GROUP CONFIGS:Group Search Filter # 組搜索過濾器
ranger.usersync.group.search.first.enabled=true -- GROUP CONFIGS:Enable Group Search First # 首先啓用組搜索
Ranger同步LDAP用戶