Configuring Apache Ranger Authentication with LDAP/Active Directory
Authorized Active Directory users must be configured to gain access to services and resources provided in a Big Data services cluster. To do this, Apache Ranger must be configured so that Active Directory users can be synchronized to Apache Ranger in Big Data Service. Addionally, users might want to sign in to the Apache Ranger UI as Active Directory users.
Configuring Ranger UserSync
Configuring Ranger UserSync enables you to perform group-based user synchronization from the Active Directory server. Active Directory groups and users in specific groups are synchronized into Ranger.
- Access Apache Ambari.
- From the side toolbar, under Services select Ranger.
- Select Configs, and then select Ranger User Info.
- Set Enable User Sync to Yes.
- Select LDAP/AD from the Sync Source dropdown menu.
- 
Select Common Configs.
- 
Select User Configs.
- 
To sync the group, select Group Configs.
- To save the configuration and restart the Ranger User Sync service, select Save.
- Wait until the Ranger User Sync service is up and running without any errors.