Configure Ranger authentication for AD
How to configure Ranger to use Active Directory (AD) for user authentication.
- In Cloudera Manager, select Ranger, then click the Configuration tab.
- To display the authentication settings, type "authentication" in the Search box. You may need to scroll down to see the AD settings.
- Configure the following settings for AD authentication, then click Save Changes.

| Property | Description | Default value | Sample values |
|---|---|---|---|
| Admin Authentication Method | The Ranger authentication method. | UNIX | ACTIVE_DIRECTORY |
| Admin AD Auth Base DN (ranger.ldap.ad.base.dn) | The Distinguished Name (DN) of the starting point for directory server searches. | N/A | dc=example,dc=com |
| Admin AD Auth Bind DN (ranger.ldap.ad.bind.dn) | The full Distinguished Name (DN), including Common Name (CN) of an LDAP user account that has privileges to search for users. | N/A | cn=adadmin,cn=Users,dc=example,dc=com |
| Admin AD Auth Bind Password (ranger.ldap.ad.bind.password) | Password for the bind.dn. | N/A | Secret123! |
| Admin AD Auth Domain Name (ranger.ldap.ad.domain) | The domain name of the AD Authentication service. | N/A | dc=example,dc=com |
| Admin AD Auth Referral (ranger.ldap.ad.referral)* | See below. | ignore | follow \| ignore \| throw |
| Admin AD Auth URL (ranger.ldap.ad.url) | The AD server URL. | N/A | |
| Admin AD Auth User Search Filter (ranger.ldap.ad.user.searchfilter) | The search filter used for Bind Authentication. | N/A | |

* There are three possible values for ranger.ldap.ad.referral: follow, throw, and ignore. The recommended setting is follow.

When searching a directory, the server might return several search results, along with a few continuation references that show where to obtain further results. These results and references might be interleaved at the protocol level.
- When this property is set to follow, the AD service provider processes all of the normal entries first, and then follows the continuation references.
- When this property is set to throw, all of the normal entries are returned in the enumeration first, before the ReferralException is thrown. By contrast, a "referral" error response is processed immediately when this property is set to follow or throw.
- When this property is set to ignore, it indicates that the server should return referral entries as ordinary entries (or plain text). This might return partial results for the search. In the case of AD, a PartialResultException is returned when referrals are encountered while search results are processed.
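
As an added example (not Cloudera's or Ranger's own code), the following Python check lints a set of the properties from the table before they are saved: DN syntax, the three allowed referral values, and the bind password. The server URL in the sample and the ldap:// versus ldaps:// warning are assumptions added here, not values from this page.

```python
import re
from urllib.parse import urlparse

# One RDN such as "cn=adadmin" or "dc=example" (simplified: no escaped commas).
RDN = re.compile(r"[A-Za-z][A-Za-z0-9-]*=[^,=]+")
REFERRAL_VALUES = ("follow", "ignore", "throw")  # the three values the page lists
DOC_SAMPLE_PASSWORD = "Secret123!"               # sample value printed in the table


def rdns(value):
    """Split a DN into RDNs; return [] if any component is not attr=value."""
    parts = [p.strip() for p in value.split(",")] if value else []
    return parts if parts and all(RDN.fullmatch(p) for p in parts) else []


def lint_ranger_ad(props):
    """Return (severity, property, message) findings for Ranger AD auth settings."""
    out = []
    if not rdns(props.get("ranger.ldap.ad.base.dn", "")):
        out.append(("ERROR", "ranger.ldap.ad.base.dn", "not a DN"))
    bind = rdns(props.get("ranger.ldap.ad.bind.dn", ""))
    if not any(p.lower().startswith("cn=") for p in bind):
        out.append(("ERROR", "ranger.ldap.ad.bind.dn", "must be a full DN including the CN"))
    password = props.get("ranger.ldap.ad.bind.password", "")
    if password in ("", DOC_SAMPLE_PASSWORD):
        out.append(("ERROR", "ranger.ldap.ad.bind.password", "empty or documentation sample"))
    referral = props.get("ranger.ldap.ad.referral", "ignore")  # "ignore" is the default
    if referral not in REFERRAL_VALUES:
        out.append(("ERROR", "ranger.ldap.ad.referral", "must be follow, ignore or throw"))
    elif referral != "follow":
        out.append(("WARN", "ranger.ldap.ad.referral", "recommended setting is follow"))
    url = urlparse(props.get("ranger.ldap.ad.url", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        out.append(("ERROR", "ranger.ldap.ad.url", "expected ldap://host or ldaps://host"))
    elif url.scheme == "ldap":
        out.append(("WARN", "ranger.ldap.ad.url", "ldap:// does not use TLS; prefer ldaps://"))
    return out


# Constructed sample: the page's sample values plus a hypothetical server URL.
SAMPLE = {
    "ranger.ldap.ad.base.dn": "dc=example,dc=com",
    "ranger.ldap.ad.bind.dn": "cn=adadmin,cn=Users,dc=example,dc=com",
    "ranger.ldap.ad.bind.password": DOC_SAMPLE_PASSWORD,
    "ranger.ldap.ad.referral": "ignore",
    "ranger.ldap.ad.url": "ldap://ad.example.com:389",
}

if __name__ == "__main__":
    for severity, prop, message in lint_ranger_ad(SAMPLE):
        print(f"{severity:5} {prop}: {message}")
```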