Configuring Usersync to sync directly with LDAP/AD

Ranger Usersync can be manually configured to sync directly with LDAP/AD.

By default, Ranger Usersync uses sssd to sync users and groups from a Unix source. This can affect performance and limit scale. This runtime release supports LDAP/AD as a default sync source. Additionally, Ranger Usersync can be manually configured to:
  • update users and groups from multiple (LDAP/AD, Unix and file) sync sources
  • customize the default sync interval
  1. Go to Cloudera Manager > Ranger > Configuration > Filters > Ranger Usersync.
  2. In Search, type safety valve.
    This filters all Ranger configs to expose only the Usersync safety valves.
  3. In Ranger Usersync Advanced Configuration Snippet (Safety Valve) for conf/ranger-ugsync-site.xml, press +.
    1. In Name, type ranger.usersync.syncsource.validation.enabled
    2. In Value, type false
    3. Click Save Changes (CTRL+S).
    This allows Usersync to sync from multiple source types.
  4. In Ranger Usersync Advanced Configuration Snippet (Safety Valve) for conf/ranger-ugsync-extra-attrs.xml, press +.
    1. In Name, type <cloud user.cloud.id.mapping>
    2. In Value, type clouduser1,clouduser2,….
    3. Click Save Changes (CTRL+S).
    Cloud IDs for these users and groups are synced to Ranger Admin.
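
One way to confirm that the override from step 3 is present in a deployed conf/ranger-ugsync-site.xml is shown below. This is an added example, not Cloudera's or Ranger's own code. It assumes the file uses the Hadoop-style `<configuration>`/`<property>` layout and that the last definition of a property wins; the sample file content and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a deployed conf/ranger-ugsync-site.xml (assumed layout).
SAMPLE_SITE_XML = """<configuration>
  <property>
    <name>ranger.usersync.syncsource.validation.enabled</name>
    <value>false</value>
  </property>
</configuration>"""

# Override entered in the safety valve in step 3 of the procedure.
EXPECTED = {"ranger.usersync.syncsource.validation.enabled": "false"}

def load_properties(xml_text):
    """Return (effective, duplicates); assumes the last definition wins."""
    effective, duplicates = {}, set()
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        value = (prop.findtext("value") or "").strip()
        if not name:
            continue
        if name in effective:
            duplicates.add(name)  # same name defined earlier in the file
        effective[name] = value
    return effective, duplicates

def check_overrides(xml_text, expected=EXPECTED):
    """List findings; an empty list means every expected override is in effect."""
    effective, duplicates = load_properties(xml_text)
    findings = []
    for name, want in expected.items():
        got = effective.get(name)
        if got is None:
            findings.append(f"{name}: not set")
        elif got.lower() != want.lower():
            findings.append(f"{name}: is {got!r}, expected {want!r}")
        if name in duplicates:
            findings.append(f"{name}: defined more than once")
    return findings

if __name__ == "__main__":
    for line in check_overrides(SAMPLE_SITE_XML) or ["all overrides in effect"]:
        print(line)
```

A "defined more than once" finding is worth reviewing by hand, because which definition takes effect depends on how the file is loaded.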