@Ekantheshwara Basappa You probably found your way past this by now. 🙂 I ran into this problem today and the issue ended up being the "Group name attribute" was not set correctly. I was able to solve it by using ldapsearch to query for a group from the Active Directory server and then read how it listed its values. For example, this search will return all groups that exist within the example.com AD: ldapsearch -o ldif-wrap=no -LLL -D firstname.lastname@example.org -W -h <ldap_ip_address> -p 389 '(objectClass=group)' -b "DC=example,DC=com" Here is what a single response from the above search looks like (minus the unnecessary bits): dn: CN=my_group,OU=Groups,DC=example,DC=com
Reviewing this ldapsearch response, you can figure out what your entries should be for ldap-sync in Ambari Notice the group's name attribute is "cn" and that group member attribute is "member". This is what solved it for me anyway...
... View more