[ https://issues.apache.org/jira/browse/AMBARI-16875?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Olivér Szabó updated AMBARI-16875:
----------------------------------
    Description:
In case the member attribute value looks like this: "<SID=...>;<GUID=...>;cn=myCn,dc=apache,dc=org", then sync stops working.

Adding 2 new properties (to find the DN or the id of the member):
"authentication.ldap.sync.userMemberReplacePattern"
"authentication.ldap.sync.groupMemberReplacePattern"
These values are empty by default.

Example usage:
If we got this as the ldapsearch response for a group member "member="<SID=...>;<GUID=...>;cn=myCn,dc=apache,dc=org",
we need to define a regex which contains a member group to specify the location of the DN or id, e.g. {{(?<member>.\*)}}
authentication.ldap.sync.userMemberReplacePattern={{"(?<sid>.\*);(?<guid>.\*);(?<member>.\*)"}}
Then the result will be: "cn=myCn,dc=apache,dc=org"

  was:
In case the member attribute value looks like this: "<SID=...>;<GUID=...>;cn=myCn,dc=apache,dc=org", then sync stops working.

Adding 2 new properties (to find the DN or the id of the member):
"authentication.ldap.sync.userMemberReplacePattern"
"authentication.ldap.sync.groupMemberReplacePattern"
These values are empty by default.

Example usage:
If we got this as the ldapsearch response for a group member "member="<SID=...>;<GUID=...>;cn=myCn,dc=apache,dc=org",
we need to define a regex which contains a member group to specify the location of the DN or id, e.g. {{(?<member>.*)}}
authentication.ldap.sync.userMemberReplacePattern={{"(?<sid>.*);(?<guid>.*);(?<member>.*)"}}
Then the result will be: "cn=myCn,dc=apache,dc=org"

> Ambari sync cannot handle if the member attribute value is not DN or id
> -----------------------------------------------------------------------
>
>                 Key: AMBARI-16875
>                 URL: https://issues.apache.org/jira/browse/AMBARI-16875
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.4.0
>            Reporter: Olivér Szabó
>            Assignee: Olivér Szabó
>            Priority: Critical
>             Fix For: 2.4.0
>
>
> In case the member attribute value looks like this:
> "<SID=...>;<GUID=...>;cn=myCn,dc=apache,dc=org", then sync stops working.
> Adding 2 new properties (to find the DN or the id of the member):
> "authentication.ldap.sync.userMemberReplacePattern"
> "authentication.ldap.sync.groupMemberReplacePattern"
> These values are empty by default.
> Example usage:
> If we got this as the ldapsearch response for a group member
> "member="<SID=...>;<GUID=...>;cn=myCn,dc=apache,dc=org",
> we need to define a regex which contains a member group to specify the location
> of the DN or id, e.g. {{(?<member>.\*)}}
> authentication.ldap.sync.userMemberReplacePattern={{"(?<sid>.\*);(?<guid>.\*);(?<member>.\*)"}}
> Then the result will be: "cn=myCn,dc=apache,dc=org"

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
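
The replace pattern from the description above, exercised in an added example (not Ambari's code and not the reporter's): `extractMember` is a hypothetical helper, the member values are constructed, and returning the value unchanged when the pattern is empty or does not match is an assumption. It goes one step beyond the description by including a DN with an escaped semicolon, where the greedy `.*` groups split in the wrong place and a stricter pattern (also an assumption of this example) does not.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MemberPatternDemo {

    // Hypothetical helper, not Ambari's implementation: returns the text
    // captured by the named group "member". Assumption: an empty pattern, or a
    // pattern that does not match the whole value, leaves the value unchanged.
    static String extractMember(String value, String pattern) {
        if (pattern == null || pattern.isEmpty()) {
            return value;
        }
        Matcher m = Pattern.compile(pattern).matcher(value);
        return m.matches() ? m.group("member") : value;
    }

    public static void main(String[] args) {
        // Pattern taken from the issue description.
        String loose = "(?<sid>.*);(?<guid>.*);(?<member>.*)";
        // Stricter variant (assumption): SID and GUID may not run past their
        // own closing '>', so only the remainder can land in "member".
        String strict = "<SID=[^>]*>;<GUID=[^>]*>;(?<member>.*)";

        // Constructed member attribute values.
        String extended = "<SID=S-1-5-21-1>;<GUID=0a1b2c>;cn=myCn,dc=apache,dc=org";
        String plainDn = "cn=myCn,dc=apache,dc=org";
        // The DN itself contains an escaped semicolon (cn=a\;b).
        String semicolonDn = "<SID=S-1-5-21-1>;<GUID=0a1b2c>;cn=a\\;b,dc=apache,dc=org";

        // Extended form: "member" captures the DN after the second semicolon.
        System.out.println(extractMember(extended, loose));
        // Plain DN: no semicolons, so the pattern does not match and the
        // value passes through unchanged.
        System.out.println(extractMember(plainDn, loose));
        // Greedy groups: "sid" swallows the GUID part as well, and "member"
        // keeps only the text after the last semicolon, a truncated DN.
        System.out.println(extractMember(semicolonDn, loose));
        // Stricter pattern: the full DN, escaped semicolon included.
        System.out.println(extractMember(semicolonDn, strict));
        // Empty pattern (the stated default): value is returned as-is.
        System.out.println(extractMember(extended, ""));
    }
}
```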