https://community.cloudera.com/t5/Archives-of-Support-Questions/Cannot-sync-ldap-Ambari/m-p/160421#M29177 <A rel="user" href="https://community.cloudera.com/users/177/pminovic.html" nodeid="177">@Predrag Minovic</A><P>If the LDAP server is and Active Directory, you should make sure that the sync settings are similar to what is presented in this example:</P><P style="margin-left: 20px;"><A target="_blank" href="https://docs.hortonworks.com/HDPDocuments/Ambari-2.2.1.0/bk_Ambari_Security_Guide/content/_example_active_directory_configuration.html">https://docs.hortonworks.com/HDPDocuments/Ambari-2.2.1.0/bk_Ambari_Security_Guide/content/_example_active_directory_configuration.html</A> </P><P>I think the reason that you are not getting all of the users you expect is because in an Active Directory, the CN is typically auto-generated using the user's first and last name where the sAMAccountName is explicitly set as the userid (or username). However, it is possible to manually set the CN to the username and thus this is probably why you are getting some and not all of the expected results. </P> Wed, 25 May 2016 08:53:10 GMT rlevas 2016-05-25T08:53:10Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Cannot-sync-ldap-Ambari/m-p/160419#M29175 <P>"ambari-server sync-ldap --users file" against an LDAP server with more than 10,000 users fails saying one of the users in the file is not there. When I do ldapsearch from the command line without filter, that user is not returned, because I guess LDAP server returns max of 2000 entities. When I do ldapsearch with a filter I can find him. How can I tell Ambari to do such search using a filter? ldapsearch returns </P><PRE>distinguishedName: CN=user123456,OU=users,DC=example,DC=com</PRE><P>For ldapsearch I provide "(CN=user123456)" as my filter. In setup-ldap I do like below, but it doesn't work. Any ideas.</P><PRE>authentication.ldap.baseDn="OU=users,DC=example,DC=com" authentication.ldap.usernameAttribute=CN authentication.ldap.dnAttribute=distinguishedName authentication.ldap.userObjectClass=organizationalPerson ... have 4 classes listed: top,person,organizationlPerson, user; also tried user authentication.ldap.referral=ignore ... also tried follow</PRE><P>When I try to sync with one of the users returned using ldapserach without filter it works.</P> Sat, 21 May 2016 15:24:06 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Cannot-sync-ldap-Ambari/m-p/160419#M29175 pminovic 2016-05-21T15:24:06Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Cannot-sync-ldap-Ambari/m-p/160420#M29176 <P>Also tried to set authentication.ldap.pagination.enabled=false but to no avail. BTW, the LDAP is on AD.</P> Sat, 21 May 2016 18:20:02 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Cannot-sync-ldap-Ambari/m-p/160420#M29176 pminovic 2016-05-21T18:20:02Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Cannot-sync-ldap-Ambari/m-p/160421#M29177 <A rel="user" href="https://community.cloudera.com/users/177/pminovic.html" nodeid="177">@Predrag Minovic</A><P>If the LDAP server is and Active Directory, you should make sure that the sync settings are similar to what is presented in this example:</P><P style="margin-left: 20px;"><A target="_blank" href="https://docs.hortonworks.com/HDPDocuments/Ambari-2.2.1.0/bk_Ambari_Security_Guide/content/_example_active_directory_configuration.html">https://docs.hortonworks.com/HDPDocuments/Ambari-2.2.1.0/bk_Ambari_Security_Guide/content/_example_active_directory_configuration.html</A> </P><P>I think the reason that you are not getting all of the users you expect is because in an Active Directory, the CN is typically auto-generated using the user's first and last name where the sAMAccountName is explicitly set as the userid (or username). However, it is possible to manually set the CN to the username and thus this is probably why you are getting some and not all of the expected results. </P> Wed, 25 May 2016 08:53:10 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Cannot-sync-ldap-Ambari/m-p/160421#M29177 rlevas 2016-05-25T08:53:10Z