[jira] [Commented] (RANGER-720) Ldap discovery tool doesn't seem to be working as expected

Mon, 16 Nov 2015 12:59:12 -0800 

    [ 
https://issues.apache.org/jira/browse/RANGER-720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15007302#comment-15007302
 ] 

Sailaja Polavarapu commented on RANGER-720:
-------------------------------------------

Adding one more reported issue:
-------------------------------------------------
From: Bosco Durai
Date: Monday, November 9, 2015 at 5:41 PM
To: Sailaja Polavarapu
Cc: Selvamohan Neethiraj, Velmurugan Periasamy, Madhan Neethiraj, Balaji Ganesan
Subject: ldaptool not working...

Sailaja

We are trying to use the ldaptool and it is just not working…

# Mandatory ldap configuration properties.
ranger.usersync.ldap.url=ldap://ad01.lab.hortonworks.net:389
ranger.usersync.ldap.binddn=cn=ldapconnect,ou=ServiceUsers,dc=lab,dc=hortonworks,dc=net
ranger.usersync.ldap.ldapbindpassword=<password>

# Mandatory only for openLdap
ranger.usersync.ldap.user.searchbase=dc=net
ranger.usersync.ldap.user.searchfilter=sAMAccountName=*

# For verifying authentication please provide sample username and password
#ranger.admin.auth.sampleuser=cn=sales1,ou=CorpUsers,dc=lab,dc=hortonworks,dc=net
ranger.admin.auth.sampleuser=cn=ldapconnect,ou=ServiceUsers,dc=lab,dc=hortonworks,dc=net
ranger.admin.auth.samplepassword=<password>

ldapConfigCheck.log:
ERROR: Connection failed: Exception occured while discovering basic user 
properties:
ranger.usersync.ldap.user.nameattribute
ranger.usersync.ldap.user.objectclass
ranger.usersync.ldap.user.groupnameattribute
Please verify values for ranger.usersync.ldap.user.searchbase and 
ranger.usersync.ldap.user.searchfilter


$ldapsearch -h ad01.lab.hortonworks.net:389 -b dc=net -w <password> -D 
cn=sales1,ou=CorpUsers,dc=lab,dc=hortonworks,dc=net
(This works)


We need to make this process easy. The error message is also not much useful…

Bosco
============================================
java.lang.ArrayIndexOutOfBoundsException: 1 >= 1
at java.util.Vector.elementAt(Vector.java:474)
at javax.naming.directory.BasicAttribute.get(BasicAttribute.java:443)
at 
org.apache.ranger.ldapconfigcheck.UserSync.findBasicUserProperties(UserSync.java:261)
at 
org.apache.ranger.ldapconfigcheck.UserSync.findUserProperties(UserSync.java:138)
at 
org.apache.ranger.ldapconfigcheck.LdapConfigCheckMain.findAllUserSyncProperties(LdapConfigCheckMain.java:145)
at 
org.apache.ranger.ldapconfigcheck.LdapConfigCheckMain.main(LdapConfigCheckMain.java:97)

> Ldap discovery tool doesn't seem to be working as expected
> ----------------------------------------------------------
>
>                 Key: RANGER-720
>                 URL: https://issues.apache.org/jira/browse/RANGER-720
>             Project: Ranger
>          Issue Type: Bug
>          Components: usersync
>    Affects Versions: 0.5.1
>            Reporter: Don Bosco Durai
>            Assignee: Sailaja Polavarapu
>
> [~spolavarapu]
> I was testing the ldap discovery tool against AD and it seems the results 
> were not as I expected:
> input.properties:
> ranger.usersync.ldap.url=ldap://ad-hello.cloud.hello.com                      
>                                            
> ranger.usersync.ldap.binddn=CN=LDAP Access,OU=MyUsers,DC=AD-HELLO,DC=COM
> ranger.usersync.ldap.ldapbindpassword=<password>
> ranger.admin.auth.sampleuser=CN=sample,OU=MyUsers,DC=AD-HELLO,DC=COM
> ranger.admin.auth.samplepassword=<password>
> output:
> SYNC_LDAP_USER_NAME_ATTRIBUTE=sAMAccountName
> SYNC_LDAP_USER_OBJECT_CLASS=person
> SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE=
> SYNC_LDAP_USER_SEARCH_BASE=OU=workshop_service_users,DC=AD-HDP,DC=COM
> SYNC_LDAP_USER_SEARCH_FILTER=sAMAccountName=*
> ldapConfigCheck.log
> INFO: No. of users from DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from OU=workshop_service_users,DC=AD-HELLO,DC=COM = 12
> INFO: No. of users from OU=MyUsers,DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from OU=Domain Controllers,DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from CN=Users,DC=AD-HELLO,DC=COM = 5
> INFO: No. of users from DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from OU=workshop_service_users,DC=AD-HELLO,DC=COM = 12
> INFO: No. of users from OU=MyUsers,DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from OU=Domain Controllers,DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from CN=Users,DC=AD-HELLO,DC=COM = 5
> ERROR: Connection failed: null
> I was expecting the following:
> SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE=sAMAccountName
> SYNC_LDAP_USER_SEARCH_BASE=OU=MyUsers,DC=AD-HELLO,DC=COM
> Also, there is an ERROR: Connection failed: null
> Let me know if you need additional information. Thanks



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to