Configuring Usersync to sync directly with LDAP/AD (FreeIPA)

Ranger Usersync can be manually configured to sync directly with LDAP/AD , using FreeIPA deployed in public cloud.

By default, Ranger Usersync uses sssd to sync users and groups from a Unix source. This can affect performance and limit scale. This runtime release supports LDAP/AD as a default sync source. Additionally, Ranger Usersync can be manually configured to:

update users and groups from multiple (LDAP/AD, Unix and file) sync sources
customize the default sync interval
sync directly from FreeIPA deployed in public cloud

Go to Cloudera Manager > Ranger > Configuration > Filters > Ranger Usersync.
In Search, type safety valve.
This filters all Ranger configs to expose only the Usersync safety valves.
In Ranger Usersync Advanced Configuration Snippet (Safety Valve) for conf/ranger-ugsync-site.xml, press +.
1. In Name, type ranger.usersync.syncsource.validation.enabled
2. In Value, type false
3. Click Save Changes(CTRL+S)
Allows sync from multiple source types.
In Ranger Usersync Advanced Configuration Snippet (Safety Valve) for conf/ranger-ugsync-site.xml, press +.
1. In Name, type ranger.usersync.cdp.public
2. In Value, type true
3. Click Save Changes(CTRL+S)
Sets default sync interval to 1 min in public cloud.
note
This interval can be customized further using this config: ranger.usersync.sleeptimeinmillisbetweensynccycle
In Ranger Usersync Advanced Configuration Snippet (Safety Valve) for conf/ranger-ugsync-extra-attrs.xml, press +.
1. In Name, type <cloud user.cloud.id.mapping>
2. In Value, type clouduser1,clouduser2,….
3. Click Save Changes(CTRL+S)
Cloud ids for these users and groups are synced to ranger admin.
note
This will be populated by default. The above can also be manually overridden.

Contact your Cloudera Support Engineer to manually configure Ranger Usersync to sync with a specific FreeIPA instance.