Hey Guys, Following issue:
I have an extremely large, corporate, LDAP; It limits the amount of records I can pick up; This means I have to set the Ambari LDAP base dn quite narrow (ie.: ou=hdp-groups,ou=department,ou=groups,o=corp) In this base dn are several groupOfUniqueNames with in them uniqueMember; Ambari ldap-sync correctly sees the groupOfUniqueNames and uniqueMembers. The uniqueMembers however refer to a different base dn: ou=people,o=corp. Ambari now skips these users claiming: "User 'XYZ' is out of scope of the base DN. It will be skipped." Setting the base dn to o=corp is far to wide, since ldap-sync is trying to find all relevant objectClasses in the entire tree, LDAP kicks it out. Is there any way I can either do a proper filter on where to find the specific objectclasses or set a seconday base dn or something? With kind regards, Jorn Eilander
