Support Questions

JiHoone · ‎08-05-2024

Hi

I'm wondering why the users are not mapped to the AD group as shown below.

These are my configurations in Ranger.

* COMMON CONFIGS

LDAP/AD URL : ldap://myADIp:389

Bind User: cn=admin,ou=ou1,dc=dc1,dc=dc2,dc=dc3

Incremental Sync: Yes

Enable LDAP STARTTLS: No

* USER CONFIGS

Username Attribute: sAMAccountName

User Object Class: user

User Search Base: ou=ou1,dc=dc1,dc=dc2,dc=dc3

User Search Filter: (empty)

User Search Scope: sub

User Group Name Attribute: memberof,ismemberof

Group User Map Sync: Yes

* GROUP CONFIGS

Group Member Attribute: member

Group Name Attribute: cn

Group Object Class: group

Group Search Base: ou=ou1,dc=dc1,dc=dc2,dc=dc3

Group Search Filter: (empty)

Enable Group Search First: No

Sync nested Groups: No

I would appreciate if you answer to me about this.

Thanks.

Scharan · ‎08-05-2024

@JiHoone Can you try changing

User Group Name Attribute: memberof,ismemberof

to

User Group Name Attribute: memberof

JiHoone · ‎08-05-2024

Hi @Scharan,

I changed the config, and then restarted the Ranger.

But it is still same...

cloude · ‎08-05-2024

@JiHoone

Can you update this configuration ranger.usersync.ldap.referral=Follow

JiHoone · ‎08-06-2024

Hi @cloude,

I changed 'ranger.usersync.ldap.referral' from 'ignore' to 'follow'.

But it still doesn't work..

Thanks.

vipindast · ‎08-06-2024

Hi @JiHoone

Group User Mapping: Ensure that the attributes used for mapping users to groups (memberof,ismemberof) are correct and present in your AD schema. Sometimes, different attributes might be used, so double-check with your AD schema.

Group Member Attribute: Ensure that the member attribute is correctly populated in your AD for the groups.

Cloudera Community

Support Questions

Ranger users who were synced from AD aren't mapped with Group