Hi Helene, Looks like you have "groupSearchEnabled" set to "false" which is not supported with incremental/delta sync. Can you try with "groupSearchEnabled" set to "true"?
Thanks, Sailaja On Thu, Jun 6, 2019 at 4:42 PM Vipin Rathor <v.rat...@gmail.com> wrote: > Hello Helene, > Could you please enable DEBUG log level in log4j configuration for > usersync and try again? I'm afraid that it is silently failing every hour > and not able to print anything useful at INFO log level. > > -Rathor > > > On Thu, Jun 6, 2019 at 4:32 PM Treadwell, Helene < > helene.treadw...@nike.com> wrote: > >> Hello, >> >> >> >> Wondering if someone can help figure out this usersync issue. The >> initial sync appears to be working fine, but after that, the sync is not >> happening again afterwards (expecting every 1 hour). The AD system we’re >> using for this test is against an AWS Simple AD service, FYI. Thanks in >> advance for any advice! >> >> >> >> This is the modified vars in install.properties: >> >> >> >> *POLICY_MGR_URL = **http://10.234.4.254:6080* <http://10.234.4.254:6080/> >> >> >> * SYNC_SOURCE = ldap SYNC_INTERVAL = 1 SYNC_LDAP_URL = ldap://* >> *10.234.3.243**:389* >> * SYNC_LDAP_BIND_DN = * >> >> *administra...@adapt.ad.com <administra...@adapt.ad.com> >> SYNC_LDAP_BIND_PASSWORD = ****** SYNC_LDAP_SEARCH_BASE = >> ou=Users,dc=adapt,dc=ad,dc=com* >> >> >> >> >> >> Here is the usersync log: >> >> >> >> 06 Jun 2019 16:57:35 INFO UnixAuthenticationService [main] - Starting >> User Sync Service! >> >> 06 Jun 2019 16:57:35 INFO AbstractMapper [UnixUserSyncThread] - >> Initializing for ranger.usersync.mapping.username.regex >> >> 06 Jun 2019 16:57:35 INFO AbstractMapper [UnixUserSyncThread] - >> Initializing for ranger.usersync.mapping.groupname.regex >> >> 06 Jun 2019 16:57:35 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - LdapDeltaUserGroupBuilder created >> >> 06 Jun 2019 16:57:35 INFO UserGroupSyncConfig [UnixUserSyncThread] - >> Sleep Time Between Cycle can not be lower than [3600000] millisec. >> resetting to min value. >> >> 06 Jun 2019 16:57:35 INFO UserGroupSync [UnixUserSyncThread] - >> initializing sink: >> org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder >> >> 06 Jun 2019 16:57:35 WARN NativeCodeLoader [UnixUserSyncThread] - Unable >> to load native-hadoop library for your platform... using builtin-java >> classes where applicable >> >> 06 Jun 2019 16:57:36 INFO AbstractMapper [UnixUserSyncThread] - >> Initializing for ranger.usersync.mapping.username.regex >> >> 06 Jun 2019 16:57:36 INFO AbstractMapper [UnixUserSyncThread] - >> Initializing for ranger.usersync.mapping.groupname.regex >> >> 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - LdapDeltaUserGroupBuilder created >> >> 06 Jun 2019 16:57:36 INFO UserGroupSync [UnixUserSyncThread] - >> initializing source: >> org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder >> >> 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - LdapDeltaUserGroupBuilder initialization started >> >> 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - LdapDeltaUserGroupBuilder initialization completed with -- ldapUrl: >> ldap://10.234.3.243:389, ldapBindDn: administra...@adapt.ad.com, >> ldapBindPassword: ***** , ldapAuthenticationMechanism: simple, >> searchBase: cn=users,dc=adapt,dc=ad,dc=com, userSearchBase: >> [cn=users,dc=adapt,dc=ad,dc=com], userSearchScope: 2, userObjectClass: >> person, userSearchFilter: , extendedUserSearchFilter: null, >> userNameAttribute: cn, userSearchAttributes: [uSNChanged, cn, memberof, >> ismemberof, modifytimestamp], userGroupNameAttributeSet: [memberof, >> ismemberof], pagedResultsEnabled: true, pagedResultsSize: 500, >> groupSearchEnabled: false, groupSearchBase: >> [cn=users,dc=adapt,dc=ad,dc=com], groupSearchScope: 2, groupObjectClass: >> groupofnames, groupSearchFilter: , extendedGroupSearchFilter: >> (&null(|(member={0})(member={1}))), extendedAllGroupsSearchFilter: null, >> groupMemberAttributeName: member, groupNameAttribute: cn, >> groupSearchAttributes: [uSNChanged, member, cn, modifytimestamp], >> groupUserMapSyncEnabled: false, groupSearchFirstEnabled: false, >> userSearchEnabled: true, ldapReferral: ignore >> >> 06 Jun 2019 16:57:36 INFO UserGroupSync [UnixUserSyncThread] - Begin: >> initial load of user/group from source==>sink >> >> 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - LdapDeltaUserGroupBuilder updateSink started >> >> 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - Performing user search first >> >> 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - extendedUserSearchFilter = >> (&(objectclass=person)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z))) >> >> 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - uSNChangedVal = 3723and currentDeltaSyncTime = 3723 >> >> 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - longGroupName: CN=Enterprise Admins,CN=Users,DC=adapt,DC=ad,DC=com, >> groupName: Enterprise Admins >> >> 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - Updating user count: 1, userName: AWSAdminD-9267114D60 >> >> 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - uSNChangedVal = 3771and currentDeltaSyncTime = 3771 >> >> 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - longGroupName: >> CN=Application.Adapt.Adapt_Eng,CN=Users,DC=adapt,DC=ad,DC=com, groupName: >> Application.Adapt.Adapt_Eng >> >> 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - Updating user count: 2, userName: Helene Treadwell >> >> 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - uSNChangedVal = 3756and currentDeltaSyncTime = 3756 >> >> 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - longGroupName: CN=Administrators,CN=Builtin,DC=adapt,DC=ad,DC=com, >> groupName: Administrators >> >> 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - longGroupName: CN=Group Policy Creator >> Owners,CN=Users,DC=adapt,DC=ad,DC=com, groupName: Group Policy Creator >> Owners >> >> 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - longGroupName: CN=Schema Admins,CN=Users,DC=adapt,DC=ad,DC=com, >> groupName: Schema Admins >> >> 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - longGroupName: CN=Domain Admins,CN=Users,DC=adapt,DC=ad,DC=com, >> groupName: Domain Admins >> >> 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - Updating user count: 3, userName: Administrator >> >> 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - uSNChangedVal = 3993and currentDeltaSyncTime = 3993 >> >> 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - Updating user count: 4, userName: Sanjay Darisi >> >> 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - uSNChangedVal = 3786and currentDeltaSyncTime = 3786 >> >> 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - longGroupName: >> CN=Application.Adapt.Adapt_Eng,CN=Users,DC=adapt,DC=ad,DC=com, groupName: >> Application.Adapt.Adapt_Eng >> >> 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - Updating user count: 5, userName: Steve Hall >> >> 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - uSNChangedVal = 3547and currentDeltaSyncTime = 3547 >> >> 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - longGroupName: CN=Denied RODC Password Replication >> Group,CN=Users,DC=adapt,DC=ad,DC=com, groupName: Denied RODC Password >> Replication Group >> >> 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - Updating user count: 6, userName: krbtgt >> >> 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - uSNChangedVal = 3546and currentDeltaSyncTime = 3546 >> >> 06 Jun 2019 16:57:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - longGroupName: CN=Guests,CN=Builtin,DC=adapt,DC=ad,DC=com, groupName: >> Guests >> >> 06 Jun 2019 16:57:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - Updating user count: 7, userName: Guest >> >> 06 Jun 2019 16:57:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] >> - LdapDeltaUserGroupBuilder.getUsers() completed with user count: 7 >> >> 06 Jun 2019 16:57:39 INFO UserGroupSync [UnixUserSyncThread] - End: >> initial load of user/group from source==>sink >> >> 06 Jun 2019 16:57:39 INFO UserGroupSync [UnixUserSyncThread] - Done >> initializing user/group source and sink >> >> 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling >> Unix Auth Service! >> >> 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling >> Protocol: [SSLv2Hello] >> >> 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling >> Protocol: [TLSv1] >> >> 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling >> Protocol: [TLSv1.1] >> >> 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling >> Protocol: [TLSv1.2] >> >> 06 Jun 2019 17:40:59 INFO PasswordValidator [Thread-11] - Response >> [FAILED: [admin] does not exists.] for user: admin >> >> 06 Jun 2019 21:12:23 INFO PasswordValidator [Thread-12] - Response >> [FAILED: [admin] does not exists.] for user: admin >> >> 06 Jun 2019 21:12:26 INFO PasswordValidator [Thread-13] - Response >> [FAILED: [admin] does not exists.] for user: admin >> >> 06 Jun 2019 22:39:30 INFO PasswordValidator [Thread-14] - Response >> [FAILED: [admin] does not exists.] for user: admin >> >> >> >> >> >> >> >> >> >> -Helene Treadwell >> >> >> >
