Configure Ranger authentication for AD
How to configure Ranger to use Active Directory (AD) for user authentication.
-
Select Cloudera Manager > Ranger > Configuration, type authentication in
Search.
Ranger authentication property settings display. You may need to scroll down to see the AD settings.
-
Configure the following settings for AD authentication, then click Save
Changes.
Property Description Default value Sample values Admin Authentication Method The Ranger authentication method. UNIX ACTIVE_DIRECTORY Admin AD Auth Base DN
ranger.ldap.ad.base.dn
The Distinguished Name (DN) of the starting point for directory server searches. N/A dc=example,dc=com Admin AD Auth Bind DN
ranger.ldap.ad.bind.dn
The full Distinguished Name (DN), including Common Name (CN) of an LDAP user account that has privileges to search for users. N/A cn=adadmin,cn=Users,dc=example,dc=com Admin AD Auth Bind Password
ranger.ldap.ad.bind.password
Password for the bind.dn. N/A Secret123! Admin AD Auth Domain Name
ranger.ldap.ad.domain
The domain name of the AD Authentication service. N/A example.com Admin AD Auth Referral
ranger.ldap.ad.referral*
See below. ignore follow | ignore | throw Admin AD Auth URL
ranger.ldap.ad.url
The AD server URL, for example:
ldap://<AD-Servername>Port
N/A ldap://<AD-Servername>Port Admin AD Auth User Search Filter
ranger.ldap.ad.user.searchfilter
AD user search filter. N/A * There are three possible values forranger.ldap.ad.referral
:- follow
- throw
- ignore
follow
.When searching a directory, the server might return several search results, along with a few continuation references that show where to obtain further results. These results and references might be interleaved at the protocol level.- When
ranger.ldap.ad.referral
is set tofollow
: - The AD service provider processes all of the normal entries first, and then follows the continuation references.
- When
ranger.ldap.ad.referral
is set tothrow
: - All of the normal entries are returned in the enumeration first, before
the
ReferralException
is thrown. - By contrast, a
referral
error response is processed immediately when this property is set tofollow
orthrow
. - When
ranger.ldap.ad.referral
is set toignore
: - The server should return referral entries as ordinary entries (or plain
text). This might return partial results for the search. In the case of
AD, a
PartialResultException
is returned when referrals are encountered while search results are processed.