Ranger-usync用户同步-LDAP
1、修改配置
**cd /opt/ranger-2.3.0-usersync/ **
SYNC_SOURCE = ldap SYNC_LDAP_URL = ldap://hd.dtstack.com:389 SYNC_LDAP_BIND_DN = uid=admin,cn=users,cn=accounts,dc=dtstack,dc=com SYNC_LDAP_BIND_PASSWORD = Admin@123 SYNC_LDAP_DELTASYNC = SYNC_LDAP_SEARCH_BASE = cn=accounts,dc=dtstack,dc=com SYNC_LDAP_USER_S EARCH_BASE = cn=users,cn=accounts,dc=dtstack,dc=com SYNC_LDAP_USER_SEARCH_SCOPE = sub SYNC_LDAP_USER_OBJECT_CLASS = person SYNC_LDAP_USER_SEARCH_FILTER = SYNC_LDAP_USER_NAME_ATTRIBUTE = uid SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = memberof,ismemberof SYNC_LDAP_USERNAME_CASE_CONVERSION=lower SYNC_LDAP_GROUPNAME_CASE_CONVERSION=lower SYNC_GROUP_SEARCH_ENABLED= true SYNC_GROUP_USER_MAP_SYNC_ENABLED= true SYNC_GROUP_SEARCH_BASE= cn=groups,cn=accounts,dc=dtstack,dc=com
SYNC_LDAP_URL #ldpa地址
SYNC_LDAP_BIND_DN #查询用户
SYNC_LDAP_BIND_PASSWORD #密码
SYNC_LDAP_SEARCH_BASE #搜索域
SYNC_LDAP_USER_SEARCH_BASE #搜索用户的域
SYNC_LDAP_USER_NAME_ATTRIBUTE #用户名属性
SYNC_GROUP_SEARCH_BASE #搜索组的域
通过ldapsearch进行查询
ldapsearch -x -H ldap://hd.dtstack.com:389 -b cn=users,cn=accounts,dc=dtstack,dc=com -D "uid=admin,cn=users,cn=accounts,dc=dtstack,dc=com" -w Admin@123
配置完成后,执行setup.sh生成新的配置
确认ranger.usersync.enabled 为true
**cat conf/ranger-ugsync-site.xml **
<property> <name>ranger.usersync.enabled</name> <value>true</value> </property>
2、重启ranger-usersync
执行ranger-usersync restart
查看ranger页面确认用户是否同步上来
