Hello Robert, Thank you for pointing out the Jira. This patch resolved the issue I was facing.
Thank you, Keta On Fri, Feb 19, 2016 at 5:02 AM, Robert Levas <[email protected]> wrote: > Hi Keta… > > What version of Ambari are you using? My guess is 2.2.0. If so, I think > you may have bumped into the bug fixed in > https://issues.apache.org/jira/browse/AMBARI-15031, which will be > released in Ambari version 2.2.2 - I am not sure of the release date for > that. > > Unfortunately, to perform subsequent sync-all operations with your current > version, you will need to clear out the imported LDAP groups and associated > metadata from the Ambari database. Else you will be able to sync an > explicit set of groups using the —group option. > > To clear out the imported groups and associated metadata from the Ambari > database (after backing up your database), you will need to delete all > groups from the `groups` table where `ldap_group`=1. You will also need to > remove all records from the `adminprincipal` table where the `principal_id` > equals the `groups.principal_id` for the relevant records. So something > like this should do the trick. > > DELETE FROM adminprincipal WHERE principal_id IN (SELECT > principal_id FROM groups WHERE ldap_group=1); > DELETE FROM groups WHERE ldap_group=1; > > > Rob > > > > > > On 2/18/16, 8:00 PM, "Keta Patel" <[email protected]> > wrote: > > >Adding more detail to my question: > > > >The following is what I see when I perform sync-ldap consecutively. > >*The very 1st call:* > >>>ambari-server sync-ldap --all > > > >*Result:* > >Using python /usr/bin/python2 > >Syncing with LDAP... > >Enter Ambari Admin login: admin > >Enter Ambari Admin password: > >Syncing all... > > > >Completed LDAP Sync. > >Summary: > > memberships: > > removed = 0 > > created = 0 > > users: > > updated = 0 > > removed = 0 > > created = 0 > > groups: > > updated = 0 > > removed = 0 > > created = 2 > > > >Ambari Server 'sync-ldap' completed successfully. > > > > > > > > > >*The 2nd time I call:* > >>>ambari-server sync-ldap --all > > > >*Result:* > >Using python /usr/bin/python2 > >Syncing with LDAP... > >Enter Ambari Admin login: admin > >Enter Ambari Admin password: > >Syncing all...ERROR: Exiting with exit code 1. > >REASON: Caught exception running LDAP sync. Exception [EclipseLink-4002] > >(Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd): > >org.eclipse.persistence.exceptions.DatabaseException > >Internal Exception: java.sql.BatchUpdateException: Batch entry 0 INSERT > >INTO groups (group_id, group_name, ldap_group, principal_id) VALUES (524, > >'sheetsg9', 1, 5527) was aborted. Call getNextException to see the cause. > >Error Code: 0 > >Call: INSERT INTO groups (group_id, group_name, ldap_group, principal_id) > >VALUES (?, ?, ?, ?) > > bind => [4 parameters bound] > > > > > > > >The only difference I found with the LDAP group "sheetsg9" when compared > to > >the other LDAP groups was that *it had no users associated with it.* > >The workaround involves deleting that group from the "groups" table in the > >DB and syncing again. The sync goes through fine after that. > > > >Is this the expected behavior of "sync-ldap --all" or is the case of > >handling groups with no users not handled properly? > > > >On Thu, Feb 18, 2016 at 3:27 PM, Keta Patel < > >[email protected]> wrote: > > > >> Hello all, > >> What is the expected behavior of "ambari-server sync-ldap --all" on the > >> 2nd or later calls? > >> > >> Thank you! > >> Keta > >> >
