This topic describes how to integrate RangerUserSync with a Lightweight Directory Access Protocol (LDAP) server. After the integration is complete, you can grant access permissions to LDAP users or user groups when you configure Ranger policies.
Prerequisites
A cluster of a version that is earlier than EMR V5.11.0 or EMR V3.45.0 is created, and Ranger and OpenLDAP are selected for the cluster. For more information about how to create a cluster, see Create a cluster.
For clusters of EMR V5.11.0 or a later minor version and clusters of EMR V3.45.0 or a later minor version, RangerUserSync automatically connects to an LDAP server if OpenLDAP is installed in the cluster. You can search for the ranger.usersync.sync.source configuration item on the Configure tab of the Ranger service page to view the user source (UNIX or LDAP) of RangerUserSync.
Procedure
1. Go to the Services tab.
   a. Log on to the EMR console. In the left-side navigation pane, click EMR on ECS.
   b. In the top navigation bar, select the region in which your cluster resides and select a resource group based on your business requirements.
   c. On the EMR on ECS page, find the desired cluster and click Services in the Actions column.
2. Enable LDAP authentication for RangerUserSync.
   a. On the Services tab, find Ranger and click Status.
   b. In the Components section, find RangerUserSync, move the pointer over the icon in the Actions column, and then select enableRangerUserSyncLDAP.
   c. In the dialog box that appears, configure the Execution Reason parameter and click OK.
   d. In the Confirm message, click OK.
3. Restart RangerUserSync for the configurations to take effect.
   a. On the Services tab, find Ranger and click Status.
   b. In the Components section, find RangerUserSync and click Restart in the Actions column.
   c. In the dialog box that appears, configure the Execution Reason parameter and click OK.
   d. In the Confirm message, click OK.
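After the restart, the user source can also be verified from an exported copy of the RangerUserSync configuration instead of the console. The following check is an added example, not part of the original documentation: it assumes a Hadoop-style XML properties document (the embedded sample is constructed), and ranger.usersync.ldap.url is an Apache Ranger property that this page does not mention.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample in Hadoop-style <configuration> format; host and port are illustrative.
SAMPLE_SITE_XML = """<configuration>
  <property><name>ranger.usersync.sync.source</name><value>ldap</value></property>
  <property><name>ranger.usersync.ldap.url</name><value>ldap://ldap.example.internal:10389</value></property>
</configuration>"""


def load_properties(xml_text):
    """Return {name: value} for every <property> in the document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def check_usersync(xml_text):
    """Return (source, findings); an empty findings list means nothing to follow up."""
    props = load_properties(xml_text)
    source = props.get("ranger.usersync.sync.source", "").lower()
    if source != "ldap":
        # The procedure was not applied, or RangerUserSync was not restarted.
        return source, ["user source is %r, expected 'ldap'" % (source or "unset")]
    url = props.get("ranger.usersync.ldap.url", "")
    scheme = urlparse(url).scheme.lower()
    if not url:
        return source, ["user source is ldap but no LDAP URL is configured"]
    if scheme == "ldap":
        # Plain LDAP: the bind and the synced entries are not protected by TLS
        # unless StartTLS is configured separately.
        return source, ["LDAP URL %s is not ldaps://" % url]
    if scheme != "ldaps":
        return source, ["unrecognized LDAP URL scheme in %r" % url]
    return source, []


if __name__ == "__main__":
    src, issues = check_usersync(SAMPLE_SITE_XML)
    print("user source:", src)
    for issue in issues:
        print("check:", issue)
```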