Hi Keta…

What version of Ambari are you using? My guess is 2.2.0.  If so, I think you 
may have bumped into the bug fixed in 
https://issues.apache.org/jira/browse/AMBARI-15031, which will be released in 
Ambari version 2.2.2 - I am not sure of the release date for that. 

Unfortunately, to perform subsequent sync-all operations with your current 
version, you will need to clear out the imported LDAP groups and associated 
metadata from the Ambari database.  Else you will be able to sync an explicit 
set of groups using the --group option. 

To clear out the imported groups and associated metadata from the Ambari 
database (after backing up your database), you will need to delete all groups 
from the `groups` table where `ldap_group`=1.  You will also need to remove all 
records from the `adminprincipal` table where the `principal_id` equals the 
`groups.principal_id` for the relevant records.  So something like this should 
do the trick.

        DELETE FROM adminprincipal WHERE principal_id IN
            (SELECT principal_id FROM groups WHERE ldap_group=1);
        DELETE FROM groups WHERE ldap_group=1;


Rob





On 2/18/16, 8:00 PM, "Keta Patel" <[email protected]> wrote:

>Adding more detail to my question:
>
>The following is what I see when I perform sync-ldap consecutively.
>*The very 1st call:*
>>>ambari-server sync-ldap --all
>
>*Result:*
>Using python  /usr/bin/python2
>Syncing with LDAP...
>Enter Ambari Admin login: admin
>Enter Ambari Admin password:
>Syncing all...
>
>Completed LDAP Sync.
>Summary:
>  memberships:
>    removed = 0
>    created = 0
>  users:
>    updated = 0
>    removed = 0
>    created = 0
>  groups:
>    updated = 0
>    removed = 0
>    created = 2
>
>Ambari Server 'sync-ldap' completed successfully.
>
>
>
>
>*The 2nd time I call:*
>>>ambari-server sync-ldap --all
>
>*Result:*
>Using python  /usr/bin/python2
>Syncing with LDAP...
>Enter Ambari Admin login: admin
>Enter Ambari Admin password:
>Syncing all...ERROR: Exiting with exit code 1.
>REASON: Caught exception running LDAP sync. Exception [EclipseLink-4002]
>(Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd):
>org.eclipse.persistence.exceptions.DatabaseException
>Internal Exception: java.sql.BatchUpdateException: Batch entry 0 INSERT
>INTO groups (group_id, group_name, ldap_group, principal_id) VALUES (524,
>'sheetsg9', 1, 5527) was aborted.  Call getNextException to see the cause.
>Error Code: 0
>Call: INSERT INTO groups (group_id, group_name, ldap_group, principal_id)
>VALUES (?, ?, ?, ?)
>    bind => [4 parameters bound]
>
>
>
>The only difference I found with the LDAP group "sheetsg9" when compared to
>the other LDAP groups was that *it had no users associated with it.*
>The workaround involves deleting that group from the "groups" table in the
>DB and syncing again. The sync goes through fine after that.
>
>Is this the expected behavior of "sync-ldap --all" or is the case of
>handling groups with no users not handled properly?
>
>On Thu, Feb 18, 2016 at 3:27 PM, Keta Patel <
>[email protected]> wrote:
>
>> Hello all,
>> What is the expected behavior of "ambari-server sync-ldap --all" on the
>> 2nd or later calls?
>>
>> Thank you!
>> Keta
>>

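The cleanup from the reply above, run as a single transaction with row-count checks so a mistake rolls back instead of half-deleting. This is an added example, not part of the original thread and not Ambari code. The SQLite schema is a constructed stand-in that uses only the tables and columns named in the thread; the helper names, the extra sample rows and the one-principal-per-group check are assumptions.

```python
import sqlite3

# Constructed stand-in schema: only the tables and columns named in the thread.
SCHEMA = """
CREATE TABLE adminprincipal (principal_id INTEGER PRIMARY KEY);
CREATE TABLE groups (group_id INTEGER PRIMARY KEY, group_name TEXT NOT NULL,
                     ldap_group INTEGER NOT NULL, principal_id INTEGER NOT NULL);
"""

def build_sample_db():
    """In-memory database with one local group and two LDAP groups (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO adminprincipal VALUES (?)", [(1,), (5527,), (5528,)])
    conn.executemany("INSERT INTO groups VALUES (?, ?, ?, ?)", [
        (1, "local-admins", 0, 1),             # local group, must survive
        (524, "sheetsg9", 1, 5527),            # values from the error in the thread
        (525, "constructed-ldap-group", 1, 5528),
    ])
    conn.commit()
    return conn

def count(conn, sql):
    return conn.execute(sql).fetchone()[0]

def clear_ldap_groups(conn):
    """Run both DELETEs in one transaction; roll back if the row counts look wrong."""
    expected = count(conn, "SELECT COUNT(*) FROM groups WHERE ldap_group=1")
    local_before = count(conn, "SELECT COUNT(*) FROM groups WHERE ldap_group<>1")
    try:
        # Principals go first: the subquery needs the group rows to still exist.
        principals = conn.execute(
            "DELETE FROM adminprincipal WHERE principal_id IN "
            "(SELECT principal_id FROM groups WHERE ldap_group=1)").rowcount
        groups = conn.execute("DELETE FROM groups WHERE ldap_group=1").rowcount
        local_after = count(conn, "SELECT COUNT(*) FROM groups WHERE ldap_group<>1")
        # Assumption: every LDAP group owns exactly one adminprincipal row.
        if (principals, groups, local_after) != (expected, expected, local_before):
            raise RuntimeError("unexpected row counts, nothing was changed")
        conn.commit()
    except Exception:
        conn.rollback()
        raise
    return {"groups": groups, "principals": principals}

if __name__ == "__main__":
    print(clear_ldap_groups(build_sample_db()))
```
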