Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Ranger users who were synced from AD aren't mapped with Group

Labels:
avatar
author-rank JiHoone
Explorer

Created ‎08-05-2024 05:49 PM

Hi

I'm wondering why the users are not mapped to the AD group as shown below.

JiHoone_0-1722904458620.png

These are my configurations in Ranger.

 

* COMMON CONFIGS

LDAP/AD URL : ldap://myADIp:389

Bind User: cn=admin,ou=ou1,dc=dc1,dc=dc2,dc=dc3

Incremental Sync: Yes

Enable LDAP STARTTLS: No

 

* USER CONFIGS

Username Attribute: sAMAccountName

User Object Class: user

User Search Base: ou=ou1,dc=dc1,dc=dc2,dc=dc3

User Search Filter: (empty)

User Search Scope: sub

User Group Name Attribute: memberof,ismemberof

Group User Map Sync: Yes

 

* GROUP CONFIGS

Group Member Attribute: member

Group Name Attribute: cn

Group Object Class: group

Group Search Base: ou=ou1,dc=dc1,dc=dc2,dc=dc3

Group Search Filter: (empty)

Enable Group Search First: No

Sync nested Groups: No

 

 

I would appreciate if you answer to me about this.

Thanks.

 

908 Views
0 Kudos
0
5 REPLIES 5

avatar
author-rank Scharan author-rank
Master Collaborator

Created ‎08-05-2024 07:57 PM

@JiHoone Can you try changing 

User Group Name Attribute: memberof,ismemberof 

to

User Group Name Attribute: memberof

 

892 Views
0 Kudos

avatar
author-rank JiHoone
Explorer

Created ‎08-05-2024 08:59 PM

Hi @Scharan,

I changed the config, and then restarted the Ranger.

But it is still same...

883 Views
0 Kudos

avatar
author-rank cloude author-rank
Contributor

Created ‎08-05-2024 11:25 PM

@JiHoone 

Can you update this configuration ranger.usersync.ldap.referral=Follow

869 Views

avatar
author-rank JiHoone
Explorer

Created ‎08-06-2024 06:38 AM

Hi @cloude,

I changed 'ranger.usersync.ldap.referral' from 'ignore' to 'follow'.

But it still doesn't work..

Thanks.

837 Views
0 Kudos

avatar
author-rank vipindast author-rank
Contributor

Created ‎08-06-2024 04:04 AM

Hi @JiHoone 

Group User Mapping: Ensure that the attributes used for mapping users to groups (memberof,ismemberof) are correct and present in your AD schema. Sometimes, different attributes might be used, so double-check with your AD schema.

Group Member Attribute: Ensure that the member attribute is correctly populated in your AD for the groups.

855 Views
Announcements
Community Announcements
Keep up to date on the Cloudera and Hortonworks community me...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
View More Announcements