Support Questions
Find answers, ask questions, and share your expertise

How does the gid associate the groupname in the group info in Ranger Usersync with LDAP?

Solved Go to solution

Re: How does the gid associate the groupname in the group info in Ranger Usersync with LDAP?

Explorer

Thank you for telling me the url to the Microsoft documentation, but I couldn't find this page.

852-スクリーンショット-2015-12-16-102348.png

I would like to tell you more information, but I don't know why our AD is like this. So sorry.

Highlighted

Re: How does the gid associate the groupname in the group info in Ranger Usersync with LDAP?

Mentor

@Junichi Oda has this been resolved? Please accept best answer or provide your own solution.

Highlighted

Re: How does the gid associate the groupname in the group info in Ranger Usersync with LDAP?

Explorer

@Artem Ervits

So Sorry for replying late.

I understood that our environment was unusual. I'm about to write the small script.

This script will get users and groups list from our LDAP server and make available for the Ranger to read.

The Ranger will synchronize users and groups list to the formated list.

Highlighted

Re: How does the gid associate the groupname in the group info in Ranger Usersync with LDAP?

Contributor

@Junichi Oda @Ali Bajwa @spolavarap

Did you got the solution?. I am struggling a lot and not able to search users within group. Here are my settings. Only groups getting fetched but no user. If I remove User Search Filter, I am able to fetch all users including users from other groups.

Username Attribute = uid

User Object Class = inetOrgPerson

User Search Base = zz.com

User Search Filter = (memberof=cn=TEAM_EDL_Dev,ou=Groups,o=zz.com)

User Search Scope = sub

User Group Name Attribute = memberof,ismemberof

Group Member Attribute = member

Group Name Attribute = cn

Group Object Class = groupOfNames

Group Search Base = zz.com

Group Search Filter = (|(cn=edl*)(cn=TEAM_EDL_Dev)

Highlighted

Re: How does the gid associate the groupname in the group info in Ranger Usersync with LDAP?

Contributor

Hi @Junichi Oda,

We have the same error in the Ranger log, even when the groupnames are filled:

ERROR LdapUserGroupBuilder [UnixUserSyncThread] - sink.addOrUpdateUser failed with exception: org/apache/commons/httpclient/URIException, for user: userX, groups: [groupX, groupY]

I have inspected the sourcecode from ranger-0.6 which is part of HDP-2.4.3.0 our current version of the stack.

Interesting enough all calls to remote server inside LdapUserGroupBuilder.addOrUpdateUser(user, groups) are wrapped in a try-catch(Exception e). There is addUser, addUserGroupInfo and delXUserGroupInfo. But we don't see that in the log. The addOrUpdateUser is wrapped with try-catch(Throwable t). Looks like its an Error not an Exception!

I found this RANGER-804 ticket revering to missing classes. I copied the jars in '/usr/hdp/current/ranger-usersync/lib' from another folder. The code runs but I have a Certificate PKI error at the moment because we use LDAPS, but looks like this might get you further.

Greetings, Alexander