forked from docs/doc-exports
Yang, Tong
3f5759eed2
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
6.2 KiB
6.2 KiB
Changing the Ranger Data Source to LDAP for a Normal Cluster
By default, the Ranger data source of the security cluster can be accessed by FusionInsight Manager LDAP users. By default, the Ranger data source of a common cluster can be accessed by Unix users.
Prerequisites
- Check whether the cluster is in normal mode.
- The Ranger component has been installed.
Procedure
- Log in to the MRS management console.
- Choose Clusters > Active Clusters, select a running cluster, and click its name to switch to the cluster details page.
- Click the Nodes tab and select the node group whose Node Type is Master.
- Go to the ECS page of the active Master node and click Remote Login.
- Log in to the active Master node as user root, go to the /opt/Bigdata/components/FusionInsight_HD_8.1.2.2/Ranger directory, and change the value of ranger.usersync.sync.source in the configurations.xml file to ldap.
ranger.usersync.sync.source <value model="NoSec">ldap</value>
- Run the following commands on the active Master node to restart the controller process:
su - omm
sh /opt/Bigdata/om-server_8.1.2.2/om/sbin/restart-controller.sh
When the controller process is restarted, the Manager page cannot be accessed for a short period of time, which is normal. After the controller process is restarted, you can access the MRS Manager page properly.
- Log in to FusionInsight Manager. For details, see Accessing FusionInsight Manager. Choose Clusters > Services > Ranger. In the upper right corner of the Dashboard page, click More and choose Synchronize Configuration.
- On the Ranger instance page, select the UserSync instance and choose More > Restart Instance.
- On the Dashboard page of the Ranger service, click RangerAdmin and choose Settings > Users/Groups/Roles to check whether LDAP users exist.
Parent topic: Using Ranger