@Ekantheshwara Basappa You probably found your way past this by now. 🙂 I ran into this problem today and the issue ended up being the "Group name attribute" was not set correctly. I was able to solve it by using ldapsearch to query for a group from the Active Directory server and then read how it listed its values. For example, this search will return all groups that exist within the example.com AD: ldapsearch -o ldif-wrap=no -LLL -D any_user@example.com -W -h <ldap_ip_address> -p 389 '(objectClass=group)' -b "DC=example,DC=com" Here is what a single response from the above search looks like (minus the unnecessary bits): dn: CN=my_group,OU=Groups,DC=example,DC=com
objectClass: top
objectClass: group
cn: my_group
member: CN=user3,OU=Users,DC=example,DC=com
member: CN=user2,OU=Users,DC=example,DC=com
member: CN=user1,OU=Users,DC=example,DC=com
distinguishedName: CN=my_group,OU=Groups,DC=example,DC=com
name: my_group
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
Reviewing this ldapsearch response, you can figure out what your entries should be for ldap-sync in Ambari Notice the group's name attribute is "cn" and that group member attribute is "member". This is what solved it for me anyway...
... View more
