Hi, my Ranger syncs LDAP users but does not sync LDAP groups.
Below is the log: 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization completed with -- ldapUrl: ldap://something.oraclevcn.com:389, ldapBindDn: cn=ldapadm,dc=ocidw,dc=prod2, ldapBindPassword: ***** , ldapAuthenticationMechanism: simple, searchBase: dc=ocidw,dc=prod2, userSearchBase: [ou=people,dc=ocidw,dc=prod2], userSearchScope: 2, userObjectClass: account, userSearchFilter: (cn=*), extendedUserSearchFilter: (&(objectclass=account)(cn=*)), userNameAttribute: uid, userSearchAttributes: [uid], userGroupNameAttributeSet: null, pagedResultsEnabled: true, pagedResultsSize: 500, groupSearchEnabled: true, groupSearchBase: [dc=ocidw,dc=prod2], groupSearchScope: 2, groupObjectClass: posixGroup, groupSearchFilter: (objectClass=posixGroup), extendedGroupSearchFilter: (&(objectclass=posixGroup)(objectClass=posixGroup)(|(member={0})(member={1}))), extendedAllGroupsSearchFilter: (&(objectclass=posixGroup)(objectClass=posixGroup)), groupMemberAttributeName: member, groupNameAttribute: cn, groupSearchAttributes: [member, cn], groupUserMapSyncEnabled: true, groupSearchFirstEnabled: false, userSearchEnabled: false, ldapReferral: ignore 11 Jul 2018 01:10:04 INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group from source==>sink 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder updateSink started 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - Performing user search first 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - Updating user count: 1, userName: admin, groupList: [] 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - Updating user count: 2, userName: amb_ranger_admin, groupList: [] 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - Updating user count: 3, userName: guest, groupList: [] 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - Updating user
count: 4, userName: guest2, groupList: [] 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder.getUsers() completed with user count: 4 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - groupSearch is enabled, would search for groups and compute memberships 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder.getGroups() completed with group count: 0 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - groupSearch is enabled, would search for groups and compute memberships 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder.getGroups() completed with group count: 0 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - groupSearch is enabled, would search for groups and compute memberships 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder.getGroups() completed with group count: 0 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - groupSearch is enabled, would search for groups and compute memberships 11 Jul 2018 01:10:04 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder.getGroups() completed with group count: 0 11 Jul 2018 01:10:04 INFO UserGroupSync [UnixUserSyncThread] - End: initial load of user/group from source==>sink 11 Jul 2018 01:10:04 INFO UserGroupSync [UnixUserSyncThread] - Done initializing user/group source and sink Below is ambari blueprint settings: "ranger-ugsync-site": { "properties": { "ranger.usersync.group.memberattributename": "member", "ranger.usersync.group.nameattribute": "cn", "ranger.usersync.group.objectclass": "posixGroup", "ranger.usersync.group.searchbase": "dc=ocidw,dc=%ENV%", "ranger.usersync.group.searchenabled": "true", "ranger.usersync.group.searchfilter": "(objectClass=posixGroup)", "ranger.usersync.group.searchscope": "sub", "ranger.usersync.group.usermapsyncenabled": "true", 
"ranger.usersync.ldap.bindalias": "ranger.usersync.ldap.bindalias", "ranger.usersync.ldap.binddn": "cn=ldapadm,dc=ocidw,dc=%ENV%", "ranger.usersync.ldap.bindkeystore": "/usr/hdp/current/ranger-usersync/conf/ugsync.jceks", "ranger.usersync.ldap.groupname.caseconversion": "none", "ranger.usersync.ldap.ldapbindpassword": "%SERVICE_PASSWORD%", "ranger.usersync.ldap.referral": "ignore", "ranger.usersync.ldap.searchBase": "dc=ocidw,dc=%ENV%", "ranger.usersync.ldap.url": "ldap://%ENV%-ambariserver.%SUBNET%.%VCN%.oraclevcn.com:389", "ranger.usersync.ldap.username.caseconversion": "none", "ranger.usersync.ldap.user.searchscope": "sub", "ranger.usersync.ldap.user.searchbase": "ou=people,dc=ocidw,dc=%ENV%", "ranger.usersync.ldap.user.searchfilter": "(cn=*)", "ranger.usersync.ldap.user.objectclass": "account", "ranger.usersync.ldap.user.nameattribute": "uid", "ranger.usersync.ldap.deltasync": "false", "ranger.usersync.sink.impl.class": "org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder", "ranger.usersync.source.impl.class": "org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder", "ranger.usersync.ssl": "false" } { "ranger-admin-site": { "properties_attributes": {}, "properties": { "ranger.audit.solr.zookeepers":"%ENV%-namenode.%SUBNET%.%VCN%.oraclevcn.com:2181/infra-solr", "ranger.authentication.method": "LDAP", "ranger.credential.provider.path": "/etc/ranger/admin/rangeradmin.jceks",
"ranger.externalurl": "http://%ENV%-namenode.%SUBNET%.%VCN%.oraclevcn.com:6080", "ranger.jpa.jdbc.driver": "oracle.jdbc.driver.OracleDriver", "ranger.jpa.jdbc.url": "jdbc:oracle:thin:@//%ORACEL_DB_HOST%", "ranger.jpa.jdbc.user": "ranger_%ENV%", "ranger.jpa.jdbc.credential.alias": "rangeradmin", "ranger.jpa.jdbc.dialect": "org.eclipse.persistence.platform.database.OraclePlatform", "ranger.ldap.base.dn": "dc=ocidw,dc=%ENV%", "ranger.ldap.bind.dn": "cn=ldapadm,dc=ocidw,dc=%ENV%", "ranger.ldap.bind.password": "%SERVICE_PASSWORD%", "ranger.ldap.group.roleattribute": "cn", "ranger.ldap.group.searchbase": "dc=ocidw,dc=%ENV%", "ranger.ldap.group.searchfilter": "(cn=*)", "ranger.ldap.referral": "follow", "ranger.ldap.url": "ldap://%ENV%-ambariserver.%SUBNET%.%VCN%.oraclevcn.com:389", "ranger.ldap.user.dnpattern": "cn=ldapadm,dc=ocidw,dc=%ENV%", "ranger.service.host": "%ENV%-namenode.%SUBNET%.%VCN%.oraclevcn.com", "ranger.service.http.enabled": "true" } } }, Any idea? Thanks a lot.
