Created 08-05-2024 05:49 PM
Hi
I'm wondering why the users are not mapped to the AD group as shown below.
These are my configurations in Ranger.
* COMMON CONFIGS
LDAP/AD URL : ldap://myADIp:389
Bind User: cn=admin,ou=ou1,dc=dc1,dc=dc2,dc=dc3
Incremental Sync: Yes
Enable LDAP STARTTLS: No
* USER CONFIGS
Username Attribute: sAMAccountName
User Object Class: user
User Search Base: ou=ou1,dc=dc1,dc=dc2,dc=dc3
User Search Filter: (empty)
User Search Scope: sub
User Group Name Attribute: memberof,ismemberof
Group User Map Sync: Yes
* GROUP CONFIGS
Group Member Attribute: member
Group Name Attribute: cn
Group Object Class: group
Group Search Base: ou=ou1,dc=dc1,dc=dc2,dc=dc3
Group Search Filter: (empty)
Enable Group Search First: No
Sync nested Groups: No
I would appreciate it if you could answer this.
Thanks.
Created 08-05-2024 07:57 PM
@JiHoone Can you try changing
User Group Name Attribute: memberof,ismemberof
to
User Group Name Attribute: memberof
Created 08-05-2024 08:59 PM
Created 08-05-2024 11:25 PM
Can you update this configuration? ranger.usersync.ldap.referral=Follow
Created 08-06-2024 06:38 AM
Hi @cloude,
I changed 'ranger.usersync.ldap.referral' from 'ignore' to 'follow'.
But it still doesn't work.
Thanks.
Created 08-06-2024 04:04 AM
Hi @JiHoone
Group User Mapping: Ensure that the attributes used for mapping users to groups (memberof,ismemberof) are correct and present in your AD schema. Sometimes, different attributes might be used, so double-check with your AD schema.
Group Member Attribute: Ensure that the member attribute is correctly populated in your AD for the groups.
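
The two checks suggested in the reply above, as an added example that is not part of the thread and is not Ranger code: it reads an LDIF export of the user and group entries under the search base and reports users that carry none of the configured group attributes, groups whose member attribute is empty, and memberships recorded only on the group side. The function names and the sample entries are constructed for illustration; the DNs reuse the thread's placeholder base.

```python
from collections import defaultdict

# Constructed sample export in LDIF form (not data from the thread).
SAMPLE_LDIF = """\
dn: cn=alice,ou=ou1,dc=dc1,dc=dc2,dc=dc3
objectClass: user
memberOf: cn=analysts,ou=ou1,dc=dc1,dc=dc2,dc=dc3

dn: cn=bob,ou=ou1,dc=dc1,dc=dc2,dc=dc3
objectClass: user

dn: cn=analysts,ou=ou1,dc=dc1,dc=dc2,dc=dc3
objectClass: group
member: cn=alice,ou=ou1,dc=dc1,dc=dc2,dc=dc3
member: cn=bob,ou=ou1,dc=dc1,dc=dc2,dc=dc3
"""


def parse_ldif(text):
    """Parse plain LDIF (folded lines joined, no base64 values) into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.replace("\n ", "").strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                name, _, value = line.partition(":")
                # Attribute names and DNs compare case-insensitively, so lowercase both.
                attrs[name.strip().lower()].append(value.strip().lower())
        if attrs.get("dn"):
            entries[attrs["dn"][0]] = attrs
    return entries


def check_mapping(entries, user_group_attrs=("memberof", "ismemberof"), member_attr="member"):
    """Report users lacking every group attribute, empty groups, and one-sided memberships."""
    findings = []
    users = {dn: e for dn, e in entries.items() if "user" in e.get("objectclass", [])}
    groups = {dn: e for dn, e in entries.items() if "group" in e.get("objectclass", [])}
    for dn, e in users.items():
        if not any(e.get(a) for a in user_group_attrs):
            findings.append(("user-has-no-group-attr", dn))
    for gdn, g in groups.items():
        members = g.get(member_attr, [])
        if not members:
            findings.append(("group-member-empty", gdn))
        for m in members:
            if m in users and not any(gdn in users[m].get(a, []) for a in user_group_attrs):
                findings.append(("member-without-group-attr", m))
    return findings

if __name__ == "__main__":
    print(check_mapping(parse_ldif(SAMPLE_LDIF)))
```
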