Ambari user sync will fail to map or import users when trying to pull from groups with 1,500+ members.

What we see when we use ldapsearch to query a large group is:

<snip> 
member;range=0-1499: CN=Elgine Metzger,OU=users,OU=test,DC=j4ck3l,DC=net 
member;range=0-1499: CN=Friedolf Welter,OU=users,OU=test,DC=j4ck3l,DC=net 
</snip> 

This seems to come from the LDAP policy value MaxValRange:

"MaxValueRange controls the number of values that are returned on a single attribute on a single object. Default: 1500 Hard Limit: 5000" -- http://ldapwiki.com/wiki/MaxValRange

To fix this:

  1. Go to the domain controller that we're connecting to for the sync
  2. Find the file ntdsutil.exe (most likely under c:\windows\system32 or c:\winnt\system32)
  3. Run ntdsutil.exe
  4. Type "ldap policies" and enter
  5. Type "connections" and enter
  6. Type "Connect to server [YourDCName]" and enter
  7. Type "q" and enter
  8. Type "Show Values" to see the current settings
  9. Type "Set MaxValRange to 2500" and enter
  10. Type "Commit Changes" and enter
  11. Type "Show Values" and enter

-- https://support.intranetconnections.com/hc/en-us/articles/214747288-Changing-LDAP-Settings-Increasin...

After the change, ldapsearch returns the group's members without the range option:

member: CN=Elgine Metzger,OU=users,OU=test,DC=j4ck3l,DC=net
member: CN=Friedolf Welter,OU=users,OU=test,DC=j4ck3l,DC=net

The group should now successfully sync with Ambari.
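The `member;range=0-1499` option in the ldapsearch output above marks a partial result: Active Directory returned only the first 1,500 values and a client has to request the next range to see the rest. The following added example (not from the original article and not Ambari's code) parses that option and pages through a group until the final `range=N-*` chunk; the `fetch` callable, the `fake_dc` stand-in for a domain controller and the sample DNs are constructed assumptions so it runs offline.

```python
import re

# AD range option on an attribute description, e.g. "member;range=0-1499"
RANGE_RE = re.compile(r"^(?P<attr>[A-Za-z0-9-]+);range=(?P<lo>\d+)-(?P<hi>\d+|\*)$")

def parse_ranged(lines, attr="member"):
    """Return (values, next_start) from ldapsearch-style 'name: value' lines.

    next_start is None when the result is complete (plain attribute, or a
    final chunk with upper bound '*'); otherwise it is the next index to ask for.
    """
    values, next_start = [], None
    for line in lines:
        name, sep, value = line.partition(": ")
        if not sep:
            continue  # skips markers such as <snip> and blank lines
        m = RANGE_RE.match(name.strip())
        if m and m["attr"].lower() == attr.lower():
            values.append(value.strip())
            next_start = None if m["hi"] == "*" else int(m["hi"]) + 1
        elif name.strip().lower() == attr.lower():
            values.append(value.strip())
    return values, next_start

def fetch_all(fetch, attr="member"):
    """Re-query with 'attr;range=N-*' until the server signals the last chunk.

    fetch(attribute_description) is a caller-supplied (hypothetical) function
    that returns ldapsearch-style lines for the group entry.
    """
    members, request = [], attr
    while True:
        values, next_start = parse_ranged(fetch(request), attr)
        members.extend(values)
        if next_start is None or not values:  # complete, or empty reply
            return members
        request = f"{attr};range={next_start}-*"

def fake_dc(request, total=3200, max_val_range=1500):
    """Constructed stand-in for a DC: at most max_val_range values per reply."""
    m = RANGE_RE.match(request)
    lo = int(m["lo"]) if m else 0
    hi = min(lo + max_val_range, total) - 1
    if not m and total <= max_val_range:
        name = "member"  # small group: no range option at all
    else:
        name = f"member;range={lo}-{'*' if hi == total - 1 else hi}"
    return [f"{name}: CN=user{i},OU=users,OU=test,DC=example,DC=net"
            for i in range(lo, hi + 1)]

if __name__ == "__main__":
    print(len(fetch_all(fake_dc)), "members collected")
```

A sync that reads only the first reply and does not recognise `member;range=...` as the `member` attribute ends up with an empty or truncated group, which is the failure described at the top of this article.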
