ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hari Sekhon (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-217) Add LDAPS support / fix incorrectly returning Bad Credentials for connection problem
Date Tue, 13 Jan 2015 16:06:34 GMT
Hari Sekhon created RANGER-217:
----------------------------------

             Summary: Add LDAPS support / fix incorrectly returning Bad Credentials for connection
problem
                 Key: RANGER-217
                 URL: https://issues.apache.org/jira/browse/RANGER-217
             Project: Ranger
          Issue Type: Bug
    Affects Versions: 0.4.0
         Environment: HDP 2.2
            Reporter: Hari Sekhon


When configuring ranger-admin to use LDAPS it seems to not be supported or breaks with incorrect
error.

In install.properties
{code}xa_ldap_url="ldaps://host.domain.com:636"{code}
While attempting to log in to ranger admin web ui, /var/log/ranger/admin/xa_portal.log shows:
{code}2015-01-13 15:54:34,522 [http-bio-6080-exec-3] INFO  com.xasecure.security.listener.SpringEventListener
(SpringEventListener.java:87) - Login Unsuccessful:hari | Ip Address:x.x.x.x | Bad Credentials
{code} I can understand if this is because my LDAPS server uses a self-signed cert and I need
to supply a trusted CA cert but I can't see any setting for that or find any documentation
around Apache Ranger LDAPS.

That Bad Credentials error is clearly wrong because redeploying ranger-admin using straight
LDAP allows login to succeed with the same password:
{code}xa_ldap_url="ldap://host.domain.com:389"{code}
This is both insecure to only work with plain LDAP and also the error message is wrong since
it was the exact same password used on the Ranger Admin web UI in both cases.

Regards,

Hari Sekhon
http://www.linkedin.com/in/harisekhon



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message