1) The OpenDS backend
For the purposes of this tutorial, we will use OpenDS as the LDAP server. It contains a domain called "dc=example,dc=com", 5 users (alice/bob/dave/oscar/victor) and 2 groups (employee/manager). Victor, Oscar and Bob are employees; Alice and Dave are managers. Here is a screenshot of the directory in Apache Directory Studio:
2) Build the Apache Ranger usersync module
Follow the steps in the previous tutorial to build Apache Ranger and to set up and start the Apache Ranger Admin service. Once this is done, go back to the Apache Ranger distribution that you have built and extract the usersync module:
- tar zxvf target/ranger-0.6.0-usersync.tar.gz
- mv ranger-0.6.0-usersync ${usersync.home}
You will need to install the Apache Ranger Usersync service using "sudo". If the root user does not have a JAVA_HOME property defined, then edit ${usersync.home}/setup.sh and add it in, e.g.:
- export JAVA_HOME=/opt/jdk1.8.0_91
3) Configure the Apache Ranger Usersync service
Edit ${usersync.home}/install.properties and set the following properties so that the service pulls users and groups from OpenDS and pushes them to the Admin service:
- POLICY_MGR_URL = http://localhost:6080
- SYNC_SOURCE = ldap
- SYNC_INTERVAL = 1 (just for testing purposes....)
- SYNC_LDAP_URL = ldap://localhost:2389
- SYNC_LDAP_BIND_DN = cn=Directory Manager,dc=example,dc=com
- SYNC_LDAP_BIND_PASSWORD = test
- SYNC_LDAP_SEARCH_BASE = dc=example,dc=com
- SYNC_LDAP_USER_SEARCH_BASE = ou=users,dc=example,dc=com
- SYNC_GROUP_SEARCH_BASE = ou=groups,dc=example,dc=com
Binding as the OpenDS "Directory Manager" over plain ldap:// is fine for this local test; outside a lab, bind with a dedicated read-only account and use ldaps://, since the bind password is stored in clear text in install.properties and usersync only needs to read users and groups. Then install the service with "sudo ./setup.sh".
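As an added check (not part of Apache Ranger or this tutorial's own steps), the following script parses the settings above and flags the values that are acceptable in this local test but not in production: the plain ldap:// URL, the Directory Manager bind DN, the short clear-text bind password and the http:// Admin URL. The properties text is constructed from the list above; the 12-character password threshold is an assumed local policy.

```python
# Lint the usersync install.properties values from this tutorial (added example).
# Constructed input: the exact settings listed in step 3.
LAB_PROPERTIES = """\
POLICY_MGR_URL = http://localhost:6080
SYNC_SOURCE = ldap
SYNC_INTERVAL = 1
SYNC_LDAP_URL = ldap://localhost:2389
SYNC_LDAP_BIND_DN = cn=Directory Manager,dc=example,dc=com
SYNC_LDAP_BIND_PASSWORD = test
SYNC_LDAP_SEARCH_BASE = dc=example,dc=com
SYNC_LDAP_USER_SEARCH_BASE = ou=users,dc=example,dc=com
SYNC_GROUP_SEARCH_BASE=ou=groups,dc=example,dc=com
"""

REQUIRED = ("POLICY_MGR_URL", "SYNC_SOURCE", "SYNC_LDAP_URL", "SYNC_LDAP_BIND_DN",
            "SYNC_LDAP_BIND_PASSWORD", "SYNC_LDAP_SEARCH_BASE")


def parse_properties(text):
    """Parse 'KEY = value' lines; whitespace around '=' is optional, '#' lines are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_usersync(props):
    """Return (key, finding) pairs for settings that should not leave the lab unchanged."""
    findings = [(k, "required property missing") for k in REQUIRED if k not in props]
    if props.get("SYNC_LDAP_URL", "").lower().startswith("ldap://"):
        findings.append(("SYNC_LDAP_URL", "plain ldap://: bind password and directory data cross the wire unencrypted; use ldaps://"))
    if props.get("SYNC_LDAP_BIND_DN", "").lower().startswith("cn=directory manager,"):
        findings.append(("SYNC_LDAP_BIND_DN", "directory admin account used for a read-only sync; bind with a least-privilege account"))
    if len(props.get("SYNC_LDAP_BIND_PASSWORD", "")) < 12:  # threshold is an assumed local policy
        findings.append(("SYNC_LDAP_BIND_PASSWORD", "short bind password, stored in clear text in install.properties"))
    if props.get("POLICY_MGR_URL", "").lower().startswith("http://"):
        findings.append(("POLICY_MGR_URL", "usersync posts users/groups to the Admin service over plain http://; use https://"))
    return findings


if __name__ == "__main__":
    for key, finding in audit_usersync(parse_properties(LAB_PROPERTIES)):
        print(f"{key}: {finding}")
```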
4) Start the Usersync service
The Apache Ranger Usersync service can be started via "sudo ./ranger-usersync-services.sh start". After 1 minute (see SYNC_INTERVAL above), it should have copied the users and groups from the OpenDS backend into the Apache Ranger Admin service. Open a browser, go to "http://localhost:6080", and click on "Settings" and then "Users/Groups". You should see the users and groups synced successfully from OpenDS.