Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger usersync not deleting old usergroups

Highlighted

Ranger usersync not deleting old usergroups

Contributor

I have integrated Ranger with AD. There was a mistake in configuration, in Group Name Attribute I have given DistinguishedName instead of just cn. Which resulted in synchronization of all the groups with fully distinguished names. Now that I have changed that attribute to CN, It is syncing group names but the old group names(groups with full distinguished names) are still mapped to users. Is there a way to delete them? I think ranger sync should take care of that. isn't it ?

2 REPLIES 2

Re: Ranger usersync not deleting old usergroups

Rising Star
@vinay kumar

rangersync doesn't automatically remove deleted groups (but I agree with you it should - hopefully a feature we can see in a future release)

For the time being, you can delete your users and groups using either the API or the scripts attached in the following answer thread:

https://community.hortonworks.com/questions/1021/how-to-remove-all-external-users-from-the-ranger-r....

Hope that helps

Re: Ranger usersync not deleting old usergroups

Contributor

Currently Ranger usersync doesn't remove de-provisioned users (Users who have been either removed or inactivated in the LDAP server) automatically. This feature is still not available in Ranger.


And this issue was already raised under RANGER-980, which is still unresolved.


Current solution available is "Remove these de-provisioned users using either Ranger WebUI, Ranger API’s or Ranger Database".