Ranger users who were synced from AD aren't mapped with Group

Explorer

Hi

I'm wondering why the users are not mapped to the AD group as shown below.

[Image: JiHoone_0-1722904458620.png]

These are my configurations in Ranger.

 

* COMMON CONFIGS

LDAP/AD URL : ldap://myADIp:389

Bind User: cn=admin,ou=ou1,dc=dc1,dc=dc2,dc=dc3

Incremental Sync: Yes

Enable LDAP STARTTLS: No

 

* USER CONFIGS

Username Attribute: sAMAccountName

User Object Class: user

User Search Base: ou=ou1,dc=dc1,dc=dc2,dc=dc3

User Search Filter: (empty)

User Search Scope: sub

User Group Name Attribute: memberof,ismemberof

Group User Map Sync: Yes

 

* GROUP CONFIGS

Group Member Attribute: member

Group Name Attribute: cn

Group Object Class: group

Group Search Base: ou=ou1,dc=dc1,dc=dc2,dc=dc3

Group Search Filter: (empty)

Enable Group Search First: No

Sync nested Groups: No

 

 

I would appreciate it if you could answer this.

Thanks.

 

Master Collaborator

@JiHoone Can you try changing 

User Group Name Attribute: memberof,ismemberof 

to

User Group Name Attribute: memberof

 

Explorer

Hi @Scharan,

I changed the config, and then restarted Ranger.

But it is still the same...

Contributor

@JiHoone 

Can you update this configuration: ranger.usersync.ldap.referral=Follow

Explorer

Hi @cloude,

I changed 'ranger.usersync.ldap.referral' from 'ignore' to 'follow'.

But it still doesn't work..

Thanks.

Contributor

Hi @JiHoone 

Group User Mapping: Ensure that the attributes used for mapping users to groups (memberof,ismemberof) are correct and present in your AD schema. Sometimes, different attributes might be used, so double-check with your AD schema.

Group Member Attribute: Ensure that the member attribute is correctly populated in your AD for the groups.
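
One way to carry out the check described in the last reply, as an added example that is not part of any reply in this thread: export the user and group entries from AD as LDIF (for example with ldapsearch) and run the script over the file. It reports users with no memberOf values, groups with no member values, and memberOf DNs that fall outside the Group Search Base from the question. The function names and the sample entries are assumptions made for illustration.

```python
import base64

# Constructed sample in LDIF form; names are made up, base DN is the question's placeholder.
SAMPLE_LDIF = """\
dn: CN=Alice Kim,OU=ou1,DC=dc1,DC=dc2,DC=dc3
objectClass: user
memberOf: CN=hadoop-admins,OU=ou1,DC=dc1,DC=dc2,DC=dc3
memberOf: CN=vpn-users,OU=other,DC=dc1,DC=dc2,DC=dc3

dn: CN=hadoop-admins,OU=ou1,DC=dc1,DC=dc2,DC=dc3
objectClass: group
member: CN=Alice Kim,OU=ou1,DC=dc1,DC=dc2,DC=dc3

dn: CN=empty-group,OU=ou1,DC=dc1,DC=dc2,DC=dc3
objectClass: group
"""

def parse_ldif(text):
    """Return entries as dicts of lowercase attribute name -> list of values."""
    entries = []
    for block in text.replace("\r\n", "\n").replace("\n ", "").split("\n\n"):  # unfold
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if value.startswith(":"):  # "attr:: <base64>" marks an encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def under_base(dn, base):
    """True if dn is the base or below it; case and spaces after commas are ignored."""
    norm = lambda s: ",".join(p.strip().lower() for p in s.split(","))
    return ("," + norm(dn)).endswith("," + norm(base))

def check_mapping(entries, group_base, user_attr="memberof", group_attr="member"):
    """Return (problem, dn) pairs for the attributes user-group mapping relies on."""
    findings = []
    for entry in entries:
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "group" in classes and not entry.get(group_attr):
            findings.append(("group-has-no-members", entry["dn"][0]))
        if "user" in classes:
            groups = entry.get(user_attr, [])
            if not groups:
                findings.append(("user-has-no-group-attribute", entry["dn"][0]))
            findings += [("group-outside-base", g) for g in groups if not under_base(g, group_base)]
    return findings
```

Calling check_mapping(parse_ldif(SAMPLE_LDIF), "ou=ou1,dc=dc1,dc=dc2,dc=dc3") on the sample flags the vpn-users group as outside the search base and empty-group as having no members.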