Hello Helene, Could you please enable DEBUG log level in log4j configuration for usersync and try again? I'm afraid that it is silently failing every hour and not able to print anything useful at INFO log level.
-Rathor On Thu, Jun 6, 2019 at 4:32 PM Treadwell, Helene <helene.treadw...@nike.com> wrote: > Hello, > > > > Wondering if someone can help figure out this usersync issue. The initial > sync appears to be working fine, but after that, the sync is not happening > again afterwards (expecting every 1 hour). The AD system we’re using for > this test is against an AWS Simple AD service, FYI. Thanks in advance for > any advice! > > > > This is the modified vars in install.properties: > > > > *POLICY_MGR_URL = **http://10.234.4.254:6080* <http://10.234.4.254:6080/> > > > * SYNC_SOURCE = ldap SYNC_INTERVAL = 1 SYNC_LDAP_URL = ldap://* > *10.234.3.243**:389* > * SYNC_LDAP_BIND_DN = * > > *administra...@adapt.ad.com <administra...@adapt.ad.com> > SYNC_LDAP_BIND_PASSWORD = ****** SYNC_LDAP_SEARCH_BASE = > ou=Users,dc=adapt,dc=ad,dc=com* > > > > > > Here is the usersync log: > > > > 06 Jun 2019 16:57:35 INFO UnixAuthenticationService [main] - Starting > User Sync Service! > > 06 Jun 2019 16:57:35 INFO AbstractMapper [UnixUserSyncThread] - > Initializing for ranger.usersync.mapping.username.regex > > 06 Jun 2019 16:57:35 INFO AbstractMapper [UnixUserSyncThread] - > Initializing for ranger.usersync.mapping.groupname.regex > > 06 Jun 2019 16:57:35 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - LdapDeltaUserGroupBuilder created > > 06 Jun 2019 16:57:35 INFO UserGroupSyncConfig [UnixUserSyncThread] - > Sleep Time Between Cycle can not be lower than [3600000] millisec. > resetting to min value. > > 06 Jun 2019 16:57:35 INFO UserGroupSync [UnixUserSyncThread] - > initializing sink: > org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder > > 06 Jun 2019 16:57:35 WARN NativeCodeLoader [UnixUserSyncThread] - Unable > to load native-hadoop library for your platform... using builtin-java > classes where applicable > > 06 Jun 2019 16:57:36 INFO AbstractMapper [UnixUserSyncThread] - > Initializing for ranger.usersync.mapping.username.regex > > 06 Jun 2019 16:57:36 INFO AbstractMapper [UnixUserSyncThread] - > Initializing for ranger.usersync.mapping.groupname.regex > > 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - LdapDeltaUserGroupBuilder created > > 06 Jun 2019 16:57:36 INFO UserGroupSync [UnixUserSyncThread] - > initializing source: > org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder > > 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - LdapDeltaUserGroupBuilder initialization started > > 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - LdapDeltaUserGroupBuilder initialization completed with -- ldapUrl: > ldap://10.234.3.243:389, ldapBindDn: administra...@adapt.ad.com, > ldapBindPassword: ***** , ldapAuthenticationMechanism: simple, > searchBase: cn=users,dc=adapt,dc=ad,dc=com, userSearchBase: > [cn=users,dc=adapt,dc=ad,dc=com], userSearchScope: 2, userObjectClass: > person, userSearchFilter: , extendedUserSearchFilter: null, > userNameAttribute: cn, userSearchAttributes: [uSNChanged, cn, memberof, > ismemberof, modifytimestamp], userGroupNameAttributeSet: [memberof, > ismemberof], pagedResultsEnabled: true, pagedResultsSize: 500, > groupSearchEnabled: false, groupSearchBase: > [cn=users,dc=adapt,dc=ad,dc=com], groupSearchScope: 2, groupObjectClass: > groupofnames, groupSearchFilter: , extendedGroupSearchFilter: > (&null(|(member={0})(member={1}))), extendedAllGroupsSearchFilter: null, > groupMemberAttributeName: member, groupNameAttribute: cn, > groupSearchAttributes: [uSNChanged, member, cn, modifytimestamp], > groupUserMapSyncEnabled: false, groupSearchFirstEnabled: false, > userSearchEnabled: true, ldapReferral: ignore > > 06 Jun 2019 16:57:36 INFO UserGroupSync [UnixUserSyncThread] - Begin: > initial load of user/group from source==>sink > > 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - LdapDeltaUserGroupBuilder updateSink started > > 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - Performing user search first > > 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - extendedUserSearchFilter = > (&(objectclass=person)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z))) > > 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - uSNChangedVal = 3723and currentDeltaSyncTime = 3723 > > 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - longGroupName: CN=Enterprise Admins,CN=Users,DC=adapt,DC=ad,DC=com, > groupName: Enterprise Admins > > 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - Updating user count: 1, userName: AWSAdminD-9267114D60 > > 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - uSNChangedVal = 3771and currentDeltaSyncTime = 3771 > > 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - longGroupName: > CN=Application.Adapt.Adapt_Eng,CN=Users,DC=adapt,DC=ad,DC=com, groupName: > Application.Adapt.Adapt_Eng > > 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - Updating user count: 2, userName: Helene Treadwell > > 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - uSNChangedVal = 3756and currentDeltaSyncTime = 3756 > > 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - longGroupName: CN=Administrators,CN=Builtin,DC=adapt,DC=ad,DC=com, > groupName: Administrators > > 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - longGroupName: CN=Group Policy Creator > Owners,CN=Users,DC=adapt,DC=ad,DC=com, groupName: Group Policy Creator > Owners > > 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - longGroupName: CN=Schema Admins,CN=Users,DC=adapt,DC=ad,DC=com, > groupName: Schema Admins > > 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - longGroupName: CN=Domain Admins,CN=Users,DC=adapt,DC=ad,DC=com, > groupName: Domain Admins > > 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - Updating user count: 3, userName: Administrator > > 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - uSNChangedVal = 3993and currentDeltaSyncTime = 3993 > > 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - Updating user count: 4, userName: Sanjay Darisi > > 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - uSNChangedVal = 3786and currentDeltaSyncTime = 3786 > > 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - longGroupName: > CN=Application.Adapt.Adapt_Eng,CN=Users,DC=adapt,DC=ad,DC=com, groupName: > Application.Adapt.Adapt_Eng > > 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - Updating user count: 5, userName: Steve Hall > > 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - uSNChangedVal = 3547and currentDeltaSyncTime = 3547 > > 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - longGroupName: CN=Denied RODC Password Replication > Group,CN=Users,DC=adapt,DC=ad,DC=com, groupName: Denied RODC Password > Replication Group > > 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - Updating user count: 6, userName: krbtgt > > 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - uSNChangedVal = 3546and currentDeltaSyncTime = 3546 > > 06 Jun 2019 16:57:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - longGroupName: CN=Guests,CN=Builtin,DC=adapt,DC=ad,DC=com, groupName: > Guests > > 06 Jun 2019 16:57:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - Updating user count: 7, userName: Guest > > 06 Jun 2019 16:57:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] > - LdapDeltaUserGroupBuilder.getUsers() completed with user count: 7 > > 06 Jun 2019 16:57:39 INFO UserGroupSync [UnixUserSyncThread] - End: > initial load of user/group from source==>sink > > 06 Jun 2019 16:57:39 INFO UserGroupSync [UnixUserSyncThread] - Done > initializing user/group source and sink > > 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling > Unix Auth Service! > > 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling > Protocol: [SSLv2Hello] > > 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling > Protocol: [TLSv1] > > 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling > Protocol: [TLSv1.1] > > 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling > Protocol: [TLSv1.2] > > 06 Jun 2019 17:40:59 INFO PasswordValidator [Thread-11] - Response > [FAILED: [admin] does not exists.] for user: admin > > 06 Jun 2019 21:12:23 INFO PasswordValidator [Thread-12] - Response > [FAILED: [admin] does not exists.] for user: admin > > 06 Jun 2019 21:12:26 INFO PasswordValidator [Thread-13] - Response > [FAILED: [admin] does not exists.] for user: admin > > 06 Jun 2019 22:39:30 INFO PasswordValidator [Thread-14] - Response > [FAILED: [admin] does not exists.] for user: admin > > > > > > > > > > -Helene Treadwell > > >
