Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Only a few Groups showing in ranger

Solved Go to solution
Highlighted

Only a few Groups showing in ranger

Contributor

Hi Team,

I have configured group config in ambari as:

Group Member Attribute=member

Group Name Attribute: cn

Group Object Class: group

Group Search Base: ou=Groups,dc=example,dc=com

Group Search Filter: cn=*

ranger.usersync.ldap.referral: follow

I have done ldapsearch for one group bdg_itadmin_s as shown below:

# bdg_itadmin_s, example, example.com dn: CN=bdg_itadmin_s,OU=Groups,DC=example,DC=com objectClass: top objectClass: group cn: bdg_itadmin_s distinguishedName: CN=bdg_itadmin_s,OU=Groups,DC=example,DC=com instanceType: 4 whenCreated: 20160926083435.0Z whenChanged: 20160926083435.0Z uSNCreated: 11545972 uSNChanged: 11545972 name: bdg_itadmin_s objectGUID:: iTJZ3zcD9UK6Xi40sxRB3A== objectSid:: AQUAAAAAAAUVAAAADqCFIi054a3apg99awsAAA== sAMAccountName: bdg_itadmin_s sAMAccountType: 268435456 groupType: -2147483646 objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com dSCorePropagationData: 16010101000000.0Z

# search result search: 2 result: 0 Success control: 1.2.840.113556.1.4.319 false MIQAAAAFAgEABAA= pagedresults: cookie=

# numResponses: 2 # numEntries: 1

Also we have 15 groups configured in AD, however we are able to see only 4 groups in ranger after restarting ranger. I am attaching the screenshot for your kind review.

7984-ranger3.jpg

Can you please help us here??

Regards,

Rahul

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Only a few Groups showing in ranger

Contributor

@Deepak Sharma @Vipin Rathor

Hi All,

The users are in ou=staff,ou=lab,ou=users,dc=example,dc=com and groups are in ou=Groups,dc=example,dc=com and also users are syncing properly.

In groups config, everything was correct. But the issue was in user search base which I had initially given as ou=lab,ou=users,dc=example,dc=com. So I changed the user search base to

ou=staff,ou=lab,ou=users,dc=example,dc=com and then all my groups started to sync. Finally I can see my groups under groups tab in ranger. Thank you all for all the help and ideas you provided.

Thanks,

Rahul

View solution in original post

6 REPLIES 6
Highlighted

Re: Only a few Groups showing in ranger

Guru

Hello @Rahul Buragohain

You need to check if you are getting all 15 groups in the ldapsearch command output. Also please share that ldpasearch command with the options.

Your group search filter is going to filter all the records which have "cn" field, which will match to probably all records. You might want to try again after removing the group search filter.

Also, please change the search base to "OU=Groups,DC=example,DC=com" (with the correct case). Not that it is going to change anything but just wanted to be on safe side.

Hope this helps.

Highlighted

Re: Only a few Groups showing in ranger

@Rahul Buragohain

can you please provide usersync logs , can you check one more thing that users that belong to the groups other than those 4 syncd groups, are those uses syncd ?

Highlighted

Re: Only a few Groups showing in ranger

Contributor

@Deepak Sharma

Hi Deepak,

Users that belong to the groups other than those 4 syncd groups are syncing properly. I dont have any issue in user sync, I have issues only with group sync.

Thanks,

Rahul

Highlighted

Re: Only a few Groups showing in ranger

can you please provide usersync logs too under /var/log/ranger/usersync

Re: Only a few Groups showing in ranger

Contributor

@Deepak Sharma @Vipin Rathor

Hi All,

The users are in ou=staff,ou=lab,ou=users,dc=example,dc=com and groups are in ou=Groups,dc=example,dc=com and also users are syncing properly.

In groups config, everything was correct. But the issue was in user search base which I had initially given as ou=lab,ou=users,dc=example,dc=com. So I changed the user search base to

ou=staff,ou=lab,ou=users,dc=example,dc=com and then all my groups started to sync. Finally I can see my groups under groups tab in ranger. Thank you all for all the help and ideas you provided.

Thanks,

Rahul

View solution in original post

Highlighted

Re: Only a few Groups showing in ranger

Guru

Thank you @Rahul Buragohain for letting us know. Please select any best answer for the others to follow how this problem was fixed. Thanks.

Don't have an account?
Coming from Hortonworks? Activate your account here