Ranger User sync not able to sync users while group is getting synced.

dmahato — Fri, 30 Apr 2021 18:52:22 GMT

Hi,

I am facing an issue while running ranger user sync. It's able to sync groups but not users. I am not getting any errors also.

Re: Ranger User sync not able to sync users while group is getting synced.

cjervis — Fri, 30 Apr 2021 19:29:47 GMT

Not sure if this older solution will help but it's worth a look.

Re: Ranger User sync not able to sync users while group is getting synced.

vamsi_redd — Mon, 24 May 2021 10:32:21 GMT

Hi,

Did you enable user search and Please share usersync configs.

Regards,

Vamsi

Re: Ranger User sync not able to sync users while group is getting synced.

arunek95 — Tue, 25 May 2021 08:45:23 GMT

Hi, Are you able to see the users in the usersync logs ? can you please share the usersync logs from ranger and also some users which are not synced to check logs.

Re: Ranger User sync not able to sync users while group is getting synced.

tarekabouzeid91 — Wed, 26 May 2021 11:57:51 GMT

Hi,

Below are configuration for connecting Apache Ranger with LDAP/LDAPS. There's an important tool that will help to identify some settings in your AD AD Explorer - Windows Sysinternals | Microsoft Docs

This configuration will sync LDAP users and link them with their LDAP groups every 12 hour, so you later from Apache Ranger you can give permission based on LDAP groups as well.

For connecting using LDAPS, make sure you have the proper certificates added in the same server that contains the Ranger's UserSync service.

Configuration Name	Configuration Value	Comment
ranger.usersync.source.impl.class	org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
ranger.usersync.sleeptimeinmillisbetweensynccycle	12 hour
ranger.usersync.ldap.url	ldaps://myldapserver.example.com	ldaps or ldap based on your LDAP security
ranger.usersync.ldap.binddn	myuser@example.com
ranger.usersync.ldap.ldapbindpassword	mypassword
ranger.usersync.ldap.searchBase	OU=hadoop,DC=example,DC=com	you can browse your AD and check which OU you want to make Ranger sync
ranger.usersync.ldap.user.searchbase	OU=hadoop2,DC=example,DC=com;OU=hadoop,DC=example,DC=com	you can browse your AD and check which OU you want to make Ranger sync, you can also add 2 OU and separate them with ;
ranger.usersync.ldap.user.objectclass	user	double check the same
ranger.usersync.ldap.user.searchfilter	(memberOf=CN=HADOOP_ACCESS,DC=example,DC=com)	if you want to filter specific users to be synced in ranger and not your entire AD
ranger.usersync.ldap.user.nameattribute	sAMAccountName	double check the same
ranger.usersync.ldap.user.groupnameattribute	memberOf	double check the same
ranger.usersync.user.searchenabled	true
ranger.usersync.group.searchbase	OU=hadoop,DC=example,DC=com	you can browse your AD and check which OU you want to make Ranger sync
ranger.usersync.group.objectclass	group	double check the same
ranger.usersync.group.searchfilter	(cn=hadoop_*)	if you want to sync specific groups not all AD groups
ranger.usersync.group.nameattribute	cn	double check the same
ranger.usersync.group.memberattributename	member	double check the same
ranger.usersync.group.search.first.enabled	true
ranger.usersync.truststore.file	/path/to/truststore-file
ranger.usersync.truststore.password	TRUST_STORE_PASSWORD

There's some helpful links about how to construct complex LDAP search queries Search Filter Syntax - Win32 apps | Microsoft Docs

Best Regards,

question Ranger User sync not able to sync users while group is getting synced. in Support Questions

Ranger User sync not able to sync users while group is getting synced.

Re: Ranger User sync not able to sync users while group is getting synced.

Re: Ranger User sync not able to sync users while group is getting synced.

Re: Ranger User sync not able to sync users while group is getting synced.

Re: Ranger User sync not able to sync users while group is getting synced.