Configuring Usersync to sync directly with LDAP/AD (FreeIPA)

Ranger Usersync can be manually configured to sync directly with LDAP/AD, using FreeIPA deployed in public cloud.

By default, Ranger Usersync uses sssd to sync users and groups from a Unix source. This can affect performance and limit scale. This runtime release supports LDAP/AD as a default sync source. Additionally, Ranger Usersync can be manually configured to:
  • update users and groups from multiple (LDAP/AD, Unix and file) sync sources
  • customize the default sync interval
  • sync directly from FreeIPA deployed in public cloud
  1. Go to Cloudera Manager > Ranger > Configuration > Filters > Ranger Usersync.
  2. In Search, type safety valve.
    This filters all Ranger configs to expose only the Usersync safety valves.
  3. In Ranger Usersync Advanced Configuration Snippet (Safety Valve) for conf/ranger-ugsync-site.xml, press +.
    1. In Name, type ranger.usersync.syncsource.validation.enabled
    2. In Value, type false
    3. Click Save Changes (CTRL+S)
    This allows sync from multiple source types.
  4. In Ranger Usersync Advanced Configuration Snippet (Safety Valve) for conf/ranger-ugsync-site.xml, press +.
    1. In Name, type ranger.usersync.cdp.public
    2. In Value, type true
    3. Click Save Changes (CTRL+S)
    This sets the default sync interval to 1 min in public cloud.
  5. In Ranger Usersync Advanced Configuration Snippet (Safety Valve) for conf/ranger-ugsync-extra-attrs.xml, press +.
    1. In Name, type <cloud user.cloud.id.mapping>
    2. In Value, type clouduser1,clouduser2,….
    3. Click Save Changes (CTRL+S)
    Cloud IDs for these users and groups are synced to Ranger Admin.
Contact your Cloudera Support Engineer to manually configure Ranger Usersync to sync with a specific FreeIPA instance.
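
One way to confirm that the safety valve entries from steps 3 and 4 took effect is to check a copy of the rendered conf/ranger-ugsync-site.xml. This is an added example, not Cloudera's or Apache Ranger's own code. It assumes the file uses the Hadoop-style configuration/property/name/value layout, that a later property entry overrides an earlier one with the same name, and that boolean values are compared case-insensitively; the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Property names and values taken from steps 3 and 4 above.
EXPECTED = {
    "ranger.usersync.syncsource.validation.enabled": "false",
    "ranger.usersync.cdp.public": "true",
}

# Constructed sample of a rendered ranger-ugsync-site.xml (not from a real cluster).
SAMPLE_SITE_XML = """<?xml version="1.0"?>
<configuration>
  <property><name>ranger.usersync.syncsource.validation.enabled</name><value>true</value></property>
  <property><name>ranger.usersync.cdp.public</name><value> True </value></property>
  <property><name>ranger.usersync.syncsource.validation.enabled</name><value>false</value></property>
</configuration>
"""

def effective_properties(xml_text):
    """Return {name: value}. Assumption: a later <property> overrides an earlier one."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def check_usersync(xml_text, expected=EXPECTED):
    """Return (name, expected, found) for each setting that is missing or differs."""
    props = effective_properties(xml_text)
    problems = []
    for name, want in expected.items():
        got = props.get(name)
        # Assumption: boolean values are matched case-insensitively.
        if got is None or got.lower() != want:
            problems.append((name, want, got))
    return problems

if __name__ == "__main__":
    for name, want, got in check_usersync(SAMPLE_SITE_XML):
        print(f"MISMATCH {name}: expected {want!r}, found {got!r}")
```

An empty result from check_usersync means both settings are present with the values given in the steps; a missing property is reported with a found value of None.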