Created on 06-01-2016 12:11 PM
1 . ADDING a member to another group and being able to manage them internally without having to deal with outside or additional products.
2 . To be able to easily determine what members reside in what groups instead of having to scroll down page after page to see what members are in what groups especially when you have hundreds of users to keep track of.
3 . To easily administer various groups without having the hassle of creating more and more Active Directory/LDAP associations and having to submit change control requests to other departments for something we should be able to administer on our own.
Unix
Text file - CSV or JSON format
If the filename does not end with .json, each line in the file will be treated as a delimiter separated fields of the following format. Default delimiter is a comma; this can be changed using configuration shown above.
user-1,group-1,group-2,group-3 user-2,group-x,group-y,group-z CSV File Format e.g. UserGroupSyncFile.txt "user21","group20","group218","group26","group27","group262","group242","group219","group23" "user22","group20","group218","group26" "user23","user24","group20","group218"
To run it as Command Line tool:
java -Dlogdir=/var/log/ranger/usersync -cp /usr/hdp/current/ranger-usersync/dist/*:/usr/hdp/current/ranger-usersync/lib/*:/usr/hdp/current/ranger-usersync/conf org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder /tmp/UserGroupSyncFile.txt
Steps :
Create a group called solr_group and add certain users (imported from LDAP) into that group that we know will use SOLR. All the users are associated with the groups defined through LDAP and nothing else but we want to create additional groups and link users to those groups on Ranger.
1. Cluster with Ranger and configure with LDAP users. Here it is "packer".
2. Create a internal group on Ranger UI. Here it is "solr_group".
3. Edit an external LDAP user to add it to the group that we created.
4. Unable to edit the group field(greyed out) on Ranger UI for that LDAP user.
[root@sandbox ~]# vi /tmp/ugsync.txt [root@sandbox ~]# cat /tmp/ugsync.txt "packer","packer","mygrp","test","solr_group" [root@sandbox ~]# java -Dlogdir=/var/log/ranger/usersync -cp /usr/hdp/current/ranger-usersync/dist/*:/usr/hdp/current/ranger-usersync/lib/*:/usr/hdp/current/ranger-usersync/conf org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder /tmp/ugsync.txt log4j: reset attribute= "false".log4j: Threshold ="null".log4j: Level value for root is [info].log4j: root level set to INFOlog4j: Class name: [org.apache.log4j.DailyRollingFileAppender]log4j: Setting property [file] to [/var/log/ranger/usersync/usersync.log].log4j: Setting property [datePattern] to ['.'yyyy-MM-dd].log4j: Parsing layout of class: "org.apache.log4j.PatternLayout"log4j: Setting property [conversionPattern] to [%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n].log4j: setFile called: /var/log/ranger/usersync/usersync.log, truelog4j: setFile endedlog4j: Appender [logFile] to be rolled at midnight.log4j: Adding appender named [logFile] to category [root].log4j: /var/log/ranger/usersync/usersync.log -> /var/log/ranger/usersync/usersync.log.2016-04-04log4j: setFile called: /var/log/ranger/usersync/usersync.log, truelog4j: setFile ended [root@sandbox ~]# cd /var/log/ranger/usersync
Created on 08-23-2017 01:30 PM
Hi,
I'm using SSL-enabled Ranger 0.7 with LDAP/AP usersync. I wiped the external groups added by the LDAP/AD sync process and I'm attempting to add a user imported from LDAP/AP (demo1) to an internal group (demo1_grp). So before starting the user demo1 had no groups.
My /tmp/ugsync.txt file is as follows:
# cat /tmp/ugsync.txt
"demo1","demo1","demo1_grp"
When launching the code above I get the following erros:
log4j: reset attribute= "false".
log4j: Threshold ="null".
log4j: Level value for root is [info].
log4j: root level set to INFO
log4j: Class name: [org.apache.
log4j.DailyRollingFileAppender]
log4j: Setting property [file] to [/var/log/ranger/usersync/usersync.log].
log4j: Setting property [datePattern] to ['.'yyyy-MM-dd].
log4j: Parsing layout of class: "org.apache.log4j.PatternLayout"
log4j: Setting property [conversionPattern] to [%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n].
log4j: setFile called: /var/log/ranger/usersync/usersync.log, true
log4j: setFile ended
log4j: Appender [logFile] to be rolled at midnight.
log4j: Adding appender named [logFile] to category [root].
Exception in thread "main" java.lang.NullPointerException
at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildGroupList(PolicyMgrUserGroupBuilder.java:425)
at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildUserGroupInfo(PolicyMgrUserGroupBuilder.java:194)
at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.init(PolicyMgrUserGroupBuilder.java:163)
at org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder.main(FileSourceUserGroupBuilder.java:63)
Any ideas? Thanks in advance.