I had to modify my User Search Filter. After I did this the group users synced with UserName = sAMAccountName. However, when doing this, it made UserSync go through the entire LDAPS list of users (1000s)... ... View more

I tried on a new cluster, with the settings as you suggest (group sync on, user sync on, group search first on and the results are the same... all the users synced from the Group do not have the sAMAccountname as the username.... How does one get the Group Sync to correctly map the username? (my original post) ... View more

@Luke Luke Thanks. I wanted to try your method to see if I could get it to go further. ... View more

@spolavarapu I have not tried a fresh Group Sync with "Enable User Search" but I did enable it and below I provided a copy of the settings and the log output after restarting Ranger. Is there anything configured incorrectly? To see Enable User Search be effective, do I need to start with a fresh test? The Group Sync Users below were previously synced with that toggle switch in the NO Position. I have changed text to be generic, and only provide 1 group user log line. UserSync: GroupSync Log is here: 24 Jul 2018 06:54:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder initialization started 24 Jul 2018 06:54:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder initialization com pleted with -- ldapUrl: ldaps://LDAP.NDC.DOMAIN.COM:636, ldapBindDn: CN=svks-dw-ldap,OU=Services,OU=Administrators, DC=ndc,DC=domain,DC=com, ldapBindPassword: ***** , ldapAuthenticationMechanism: simple, searchBase: dc=hadoop,dc=apache ,dc=org, userSearchBase: [OU=Accounts,DC=ndc,DC=domain,DC=com], userSearchScope: 2, userObjectClass: user, userSearchF ilter: CN=Matison\, Steven R, extendedUserSearchFilter: null, userNameAttribute: sAMAccountName, userSearch Attributes: [uSNChanged, sAMAccountName, modifytimestamp], userGroupNameAttributeSet: null, pagedResultsEnabled: true, pagedResultsSize: 500, groupSearchEnabled: true, groupSearchBase: [OU=Groups,OU=KS,DC=ndc,DC=domain,DC =com], groupSearchScope: 2, groupObjectClass: group, groupSearchFilter: CN=KS-ABG-ABC Users, extendedGroupSearchFil ter: (&null(|(member={0})(member={1}))), extendedAllGroupsSearchFilter: null, groupMemberAttributeName: member, group NameAttribute: cn, groupSearchAttributes: [uSNChanged, member, cn, modifytimestamp], groupUserMapSyncEnabled: true, gro upSearchFirstEnabled: true, userSearchEnabled: true, ldapReferral: ignore 24 Jul 2018 06:54:46 INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group from source==>sink 24 Jul 2018 06:54:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started 24 Jul 2018 06:54:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Performing Group search first 24 Jul 2018 06:54:47 INFO UnixAuthenticationService [main] - Enabling Protocol: [SSLv2Hello] 24 Jul 2018 06:54:47 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1] 24 Jul 2018 06:54:47 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1.1] 24 Jul 2018 06:54:47 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1.2] 24 Jul 2018 06:54:47 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedAllGroupsSearchFilter = (&(objectclass=group)(CN=KS-ABG-ABC Users)(|(uSNChanged>=0)(modifyTimestamp>=19691231070000Z))) 24 Jul 2018 06:54:51 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - longUserName: CN=Doe\, John,OU=Resource Admins,OU=Administrators,DC=ndc,DC=domain,DC=com, userName: Doe[ 19 additional results omitted ] 24 Jul 2018 06:54:51 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - No. of members in the group KS-ABG-ABC Users = 20 24 Jul 2018 06:54:51 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getGroups() completed with group count: 1 24 Jul 2018 06:54:51 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - User search is enabled and hence computing user membership. 24 Jul 2018 06:54:51 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedUserSearchFilter = (&(objectclass=user)(|(uSNChanged>=0)(modifyTimestamp>=19691231070000Z))(CN=Matison\, Steven R)) 24 Jul 2018 06:54:51 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal = 760228369and currentDeltaSyncTime = 760228369 24 Jul 2018 06:54:51 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 0, userName: smatison 24 Jul 2018 06:54:51 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getUsers() completed with user count: 0 24 Jul 2018 06:55:01 ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] - sink.postUserGroupAuditInfo failed with exception: POST http://c7305.ndc.doman.com:6080/service/xusers/ugsync/auditinfo/ returned a response status of 400 Bad Request 24 Jul 2018 06:55:01 INFO UserGroupSync [UnixUserSyncThread] - End: initial load of user/group from source==>sink 24 Jul 2018 06:55:01 INFO UserGroupSync [UnixUserSyncThread] - Done initializing user/group source and sink <br> ... View more

@Luke Luke Attach that VDF please? ... View more

First, congrats on getting started with NiFi and not being afraid to tackle one of the harder processors: ExecuteScript. My advice is to start small, get a working script that maybe doesnt do what you want, but does actually complete and return SUCCESS in your NiFi flow. From there you can start building it up and testing step by step. I also recommend that you tail the NIFI Log during all of your work so that you can see any errors or information from each test/step. My last peice of advice for an advanced script would be to manually execute your script to ensure that its logic is working outside of the execution from within NiFi. You may find the following links very helpful: https://community.hortonworks.com/articles/75032/executescript-cookbook-part-1.html https://community.hortonworks.com/articles/75545/executescript-cookbook-part-2.html https://community.hortonworks.com/articles/75545/executescript-cookbook-part-3.html If my answer is helpful, please choose ACCEPT. ... View more

Try DASH DASH for your arguments: --hcatalog --table Also, best advice always try and search your errors for solutions: "sqoop Unrecognized argument: -hcatalog", "sqoop Unrecognized argument: -table" I like to search here, stack, or google.... ... View more

@spolavarapu The UserSync feature is working with sAMAccountName and those users have the User Name imported correctly. It is the Group Sync that gets all users from the Group with the wrong User Name. How do i tell Group Sync which username attribute to use? ... View more

@Luke Luke I downloaded and extracted the HDF Mpack, then started editing the files inside. I changed the config for stack "HDF" to "HDP" and was able to get NiFi to appear in Add Services. At first my installs failed but I finished wizard to find Nifi and Nifi CA listed in the side bar, but as "Installed Failed". I did re-installs manually by choosing Re-Install on the NiFi host page and started modifying the scripts on the nifi node (path: /var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/) until all errors were satisfied. I was mostly just commenting out the conflicting lines. Then NiFi installed and started as expected. My plan today is delete NiFi, and get a full install without errors thus completing my HDP Mpack for NiFi. ... View more

I was able to get it up without any issues. 1. install mariadb-server & mysql connector as follows yum install mysql-connector-java -y yum install mariadb-server -y systemctl start mariadb systemctl enable mariadb ambari-server setup --jdbc-db=mysql --jdbc-driver=/usr/share/java/mysql-connector-java.jar 2. Execute sql: CREATE DATABASE ranger; CREATE USER 'ranger'@'%' IDENTIFIED BY 'ranger'; CREATE USER 'ranger'@'RANGERHOST' IDENTIFIED BY 'ranger'; GRANT ALL PRIVILEGES ON *.* TO 'ranger'@'%' WITH GRANT OPTION; GRANT ALL PRIVILEGES ON *.* TO 'ranger'@'RANGERHOST' WITH GRANT OPTION; FLUSH PRIVILEGES; CREATE DATABASE rangerkms; CREATE USER 'rangerkms'@'%' IDENTIFIED BY 'rangerkms'; CREATE USER 'rangerkms'@'RANGERHOST' IDENTIFIED BY 'rangerkms'; | GRANT ALL PRIVILEGES ON *.* TO 'rangerkms'@'%' WITH GRANT OPTION; GRANT ALL PRIVILEGES ON *.* TO 'rangerkms'@'RANGERHOST' WITH GRANT OPTION; FLUSH PRIVILEGES; 3. Enter settings in ranger config and then click TEST ... View more