- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Float this Question for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Ranger users who were synced from AD aren't mapped with Group
- Labels:
-
Apache Ranger
Created 08-05-2024 05:49 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
I'm wondering why the users are not mapped to the AD group as shown below.
These are my configurations in Ranger.
* COMMON CONFIGS
LDAP/AD URL : ldap://myADIp:389
Bind User: cn=admin,ou=ou1,dc=dc1,dc=dc2,dc=dc3
Incremental Sync: Yes
Enable LDAP STARTTLS: No
* USER CONFIGS
Username Attribute: sAMAccountName
User Object Class: user
User Search Base: ou=ou1,dc=dc1,dc=dc2,dc=dc3
User Search Filter: (empty)
User Search Scope: sub
User Group Name Attribute: memberof,ismemberof
Group User Map Sync: Yes
* GROUP CONFIGS
Group Member Attribute: member
Group Name Attribute: cn
Group Object Class: group
Group Search Base: ou=ou1,dc=dc1,dc=dc2,dc=dc3
Group Search Filter: (empty)
Enable Group Search First: No
Sync nested Groups: No
I would appreciate if you answer to me about this.
Thanks.
Created 08-05-2024 07:57 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@JiHoone Can you try changing
User Group Name Attribute: memberof,ismemberof
to
User Group Name Attribute: memberof
Created 08-05-2024 08:59 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Created 08-05-2024 11:25 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you update this configuration ranger.usersync.ldap.referral=Follow
Created 08-06-2024 06:38 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @cloude,
I changed 'ranger.usersync.ldap.referral' from 'ignore' to 'follow'.
But it still doesn't work..
Thanks.
Created 08-06-2024 04:04 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @JiHoone
Group User Mapping: Ensure that the attributes used for mapping users to groups (memberof,ismemberof) are correct and present in your AD schema. Sometimes, different attributes might be used, so double-check with your AD schema.
Group Member Attribute: Ensure that the member attribute is correctly populated in your AD for the groups.
