Re: LDAP authentication issue

2024-04-30 Thread Sailaja Polavarapu
Hi Loic, I see that you configured group search filter instead of user search filter. For your case, can you try the below: ranger.ldap.group.searchbase=OU=Tool,OU=Groupes,DC=blabla,DC=org, ranger.ldap.group.searchfilter=cn*, ranger.ldap.group.roleattribute=cn, ranger.ldap.user.searchfilter=(&(ob

Re: LDAP authentication issue

2024-04-29 Thread Loïc CHANEL
Vipin, Sailaja, Following-up on this issue : is there a workaround I could use, or do I have to wait for a fix ? Thanks, Loïc CHANEL Technical leader Big Data Capgemini (Lyon, France) On Fri, Apr 19, 2024 at 09:50, Loïc CHANEL wrote: > Hi guys, > > Thanks for your answers ! I created RANGE

Re: LDAP authentication issue

2024-04-19 Thread Loïc CHANEL
Hi guys, Thanks for your answers ! I created RANGER-4778 to track that issue. Now for the workaround, I'm not sure I can make it work. Here's my situation. The users I'm trying to authenticate are objectClass=person, and they are located : - In

Re: LDAP authentication issue

2024-04-18 Thread Vipin Rathor
Thanks Sailaja for the reply. I was about to reply that Spring LDAP API does support multiple DN but you covered with complete analysis. IIRC I did fix (or circumvent?) this bug back in the days and I’m surprised to see that it still lingers around 😬 Let’s fix it this time for good 👍🏻 Regards, VR On Apr

Re: LDAP authentication issue

2024-04-18 Thread Sailaja Polavarapu
ranger.ldap.user.dnpattern currently takes only one pattern which seems to be a bug. Because the underlying spring security ldap library API supports array of patterns. For now, can you try filtering based on any other attributes? For example below config filters the users from group1 & group2 rang

Re: LDAP authentication issue

2024-04-18 Thread j km
This is really old, but this is what I found. "ranger.usersync.ldap.user.searchfilter": "(|(samaaccountname=)(memberof=CN=)(...)) On Thu, Apr 18, 2024 at 10:54 AM Loïc CHANEL wrote: > That's what I was hoping indeed, but unfortunately : > > 2024-04-18 14:39:39,400 [http-nio-6080-exec-7] DEBUG >

Re: LDAP authentication issue

2024-04-18 Thread Loïc CHANEL
That's what I was hoping indeed, but unfortunately : 2024-04-18 14:39:39,400 [http-nio-6080-exec-7] DEBUG [RangerAuthenticationProvider.java:291] LDAP Authentication Failed: org.springframework.security.authentication.InternalAuthenticationServiceException: Failed to parse DN; nested exception is

Re: LDAP authentication issue

2024-04-18 Thread j km
I think it is just an or
& (&(filter1) (filter2)) AND — all conditions must be met
| (|(filter1) (filter2)) OR — any number of conditions can be met
! (!(filter1)) NOT — the condition must not be met
On Thu, Apr 18, 2024 at 10:06 AM Loïc CHANEL wrote: > Just a follow-up question though : is ther

Re: LDAP authentication issue

2024-04-18 Thread Loïc CHANEL
Just a follow-up question though : is there a way to define several dnpattern values ? Because the users are located in two different sections of my LDAP, so I have the following patterns : CN={0},OU=External,OU=Users,DC=cmb,DC=blabla,DC=org and CN={0},OU=Internal,OU=Users,DC=cmb,DC=blabla,DC=or

Re: LDAP authentication issue

2024-04-18 Thread Loïc CHANEL
Hi Vipin, Already did this but didn't see the file name as I was expecting them to be before the properties but not after. By finding the loaded file in the logs I've been able to troubleshoot my issue. Thanks a lot for your help, Loïc CHANEL Technical leader Big Data Capgemini (Lyon, France)

Re: LDAP authentication issue

2024-04-18 Thread Vipin Rathor
Hi Loïc, If you turn on log4j debug for Apache Ranger, then the debug log will tell you where the configurations are being loaded from. Also, please check if you aren’t making changes in a different copy of the actual config file (most probably you might have checked but wouldn’t hurt to double chec