
Ldaptool - Checking usersync give Java error


Contributor

While running ./run.sh -i conf/input.properties

I am getting this error:

java.lang.StringIndexOutOfBoundsException: String index out of range

My ldaps url is: ldaps://pi-pro-ods-ed.infra.zz.net:636


Re: Ldaptool - Checking usersync give Java error

@Sushil Saxena Are you following a particular doc or tutorial?


Re: Ldaptool - Checking usersync give Java error


Re: Ldaptool - Checking usersync give Java error

Contributor

I tried that also, but I am getting a Java exception for index out of range. It gives an error on LDAPS URL formation. Up to the LDAP connection, the same URL works in usersync.

Re: Ldaptool - Checking usersync give Java error

@Sushil Saxena Can you share the screenshot?


Re: Ldaptool - Checking usersync give Java error

@Sushil Saxena

In order to use secure LDAP, the Java default truststore must be updated with the server’s self-signed certificate or the CA certificate for validating the server connection. The truststore should be updated before running the tool.

See this https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.4/bk_installing_manually_book/content/using_t...


Re: Ldaptool - Checking usersync give Java error

Contributor

Yes, my truststore is updated with the CA certificate. The path is mentioned in LDAP usersync. That's why it starts fetching the users and groups from the Ranger Usersync UI using LDAP bind. But my problem is filtering users within the groups. I tried (&(objectClass=person)(member=cn=abcgroup)), but it is not fetching the users. Then I tried ldapsearch and can see the member within a group. But unfortunately the user sync is not filtering users within the specified group. I also tried the LDAP Administrator tool to filter users within a group but didn't find the right search/filter string. Now, to see what is happening, I started checking from the LDAP tool instead of the Ranger Usersync UI. The last hope is to contact the LDAP administrator to get the user search filter string for fetching users within specified groups.


Re: Ldaptool - Checking usersync give Java error

Contributor

@Neeraj Sabharwal

See below my input file, run, and log.

conf/input.properties

------------------------------------------------------------------------------------------------------------

ranger.usersync.ldap.url=ldaps://pro-ods-ed.net:636

ranger.usersync.ldap.binddn=cn=ranger_ldap,ou=Applications,o=zz.com

ranger.usersync.ldap.ldapbindpassword=xxxxxx

ranger.usersync.ldap.user.searchbase=o=zz.com

ranger.usersync.ldap.user.searchfilter=(&(objectClass=person)(member=cn=TEAM_EDL_Dev))

ranger.admin.auth.sampleuser=abc@zz.com

ranger.admin.auth.samplepassword=xxxxxxx

ranger.usersync.ldap.user.nameattribute='uid'

ranger.usersync.ldap.user.objectclass='person'

ranger.usersync.ldap.user.groupnameattribute='cn'

ranger.usersync.group.searchenabled=true

ranger.usersync.group.memberattributename='member'

ranger.usersync.group.nameattribute='cn'

ranger.usersync.group.objectclass='groupOfNames'

ranger.usersync.group.searchbase='o=zz.com'

ranger.usersync.group.searchfilter='(|(cn=edl*)(cn=TEAM_EDL_Dev))'

ranger.usersync.ldap.authentication.mechanism=simple

ranger.usersync.pagedresultsenabled=true

ranger.usersync.pagedresultssize=500

ranger.usersync.ldap.username.caseconversion=none

ranger.usersync.ldap.groupname.caseconversion=none

ranger.usersync.ldap.user.searchscope=sub

ranger.usersync.group.searchscope=sub

ranger.usersync.credstore.filename=/usr/hdp/current/ranger-usersync/conf/ugsync.jceks

ranger.usersync.ldap.bindalias=ranger.usersync.ldap.bindalias

ranger.usersync.ldap.searchBase=o=zz.com

ranger.usersync.group.usermapsyncenabled=true

----------------------------------------------------------------------------------------------------

./run.sh -i conf/input.properties

JAVA commnad = java -cp /usr/hdp/current/ranger-usersync/ldaptool/lib/ldapconfigcheck.jar:/usr/hdp/current/ranger-usersync/ldaptool/lib/*:/usr/hdp/current/ranger-usersync/ldaptool/conf org.apache.ranger.ldapconfigcheck.LdapConfigCheckMain -i conf/input.properties -o /usr/hdp/current/ranger-usersync/ldaptool/output/

Default to discover all usersync properties

Reading ldap properties from conf/input.properties

--------------------------------------------------------------------------------------------------------------

cat output/ldapConfigCheck.log

------------------------------------------------

ERROR: Failed to initialize the user sync properties java.lang.StringIndexOutOfBoundsException: String index out of range: -1

ERROR: Connection failed: For input string: "636""
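
Added example, not part of the original thread and not Ranger code: a pre-flight check for an `input.properties` file like the one posted above. It relies on two Java facts: `java.util.Properties` keeps quote characters and trailing spaces as part of the value, and `For input string: "…"` is the message format of a `NumberFormatException`, so the log line above has the shape of a number parser being handed `636"`. The sample file, host name and finding labels are constructed for illustration.

```python
import re

# Constructed sample in the shape of the posted input.properties; the host
# name and values are placeholders, not the poster's settings.
SAMPLE = (
    'ranger.usersync.ldap.url=ldaps://ldap.example.net:636"\n'
    "ranger.usersync.ldap.user.nameattribute='uid'\n"
    "ranger.usersync.ldap.user.searchscope=sub \n"
    "ranger.usersync.group.searchscope=sub\n"
)

QUOTES = ("'", '"')
URL_RE = re.compile(r"(ldaps?)://([^/:]+)(?::(.*))?")

def parse_properties(text):
    """Simplified java.util.Properties reading: split on the first '=',
    drop leading whitespace only, keep quotes and trailing spaces."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.rstrip()] = value.lstrip()
    return props

def lint_url(value):
    """Check that the value is ldap(s)://host[:port] with a numeric port."""
    m = URL_RE.fullmatch(value)
    if not m:
        return ["url-not-ldap"]
    port = m.group(3)
    if port is not None and not re.fullmatch(r"[0-9]{1,5}", port):
        return ["url-port-not-numeric"]  # a Java int parse of this port fails
    return []

def lint(props):
    """Return (key, finding) pairs for values Java would read literally."""
    findings = []
    for key, value in props.items():
        if value.startswith(QUOTES) or value.endswith(QUOTES):
            findings.append((key, "literal-quote"))
        if value != value.rstrip():
            findings.append((key, "trailing-whitespace"))
        if key.endswith(".ldap.url"):
            findings.extend((key, f) for f in lint_url(value))
    return findings

if __name__ == "__main__":
    for key, finding in lint(parse_properties(SAMPLE)):
        print(f"{finding:22} {key}")
```
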
