Apologies, missed the attachment from previous e-mail. Thanks,
Helene Treadwell Engineer | Enterprise Architecture & Platforms | NIKE, Inc. M: 714-204-5044 | helene.treadw...@nike.com<mailto:helene.treadw...@nike.com> [cid:image001.png@01D37BD9.F52245A0] For Build & Automation support, please contact lst-eap.plata...@nike.com<mailto:lst-eap.plata...@nike.com>. From: "Treadwell, Helene" <helene.treadw...@nike.com> Reply-To: "user@ranger.apache.org" <user@ranger.apache.org> Date: Monday, June 10, 2019 at 1:19 PM To: "user@ranger.apache.org" <user@ranger.apache.org> Subject: Re: <External>Re: Ranger Usersync Not Updating After Initial Sync Hello, Thank you for the recommendations. I have tried both. Please see new log with DEBUG messages attached. I’ve added this parameter to the install.properties file as well, but it doesn’t resolve the sync issue. SYNC_GROUP_SEARCH_ENABLED=true Thanks, Helene Treadwell Engineer | Enterprise Architecture & Platforms | NIKE, Inc. M: 714-204-5044 | helene.treadw...@nike.com<mailto:helene.treadw...@nike.com> [cid:image001.png@01D37BD9.F52245A0] For Build & Automation support, please contact lst-eap.plata...@nike.com<mailto:lst-eap.plata...@nike.com>. From: Sailaja Polavarapu <spolavar...@cloudera.com> Reply-To: "user@ranger.apache.org" <user@ranger.apache.org> Date: Thursday, June 6, 2019 at 8:49 PM To: "user@ranger.apache.org" <user@ranger.apache.org> Subject: <External>Re: Ranger Usersync Not Updating After Initial Sync Hi Helene, Looks like you have "groupSearchEnabled" set to "false" which is not supported with incremental/delta sync. Can you try with "groupSearchEnabled" set to "true"? Thanks, Sailaja On Thu, Jun 6, 2019 at 4:42 PM Vipin Rathor <v.rat...@gmail.com<mailto:v.rat...@gmail.com>> wrote: Hello Helene, Could you please enable DEBUG log level in log4j configuration for usersync and try again? I'm afraid that it is silently failing every hour and not able to print anything useful at INFO log level. -Rathor On Thu, Jun 6, 2019 at 4:32 PM Treadwell, Helene <helene.treadw...@nike.com<mailto:helene.treadw...@nike.com>> wrote: Hello, Wondering if someone can help figure out this usersync issue. The initial sync appears to be working fine, but after that, the sync is not happening again afterwards (expecting every 1 hour). The AD system we’re using for this test is against an AWS Simple AD service, FYI. Thanks in advance for any advice! This is the modified vars in install.properties: POLICY_MGR_URL = http://10.234.4.254:6080<https://urldefense.proofpoint.com/v2/url?u=http-3A__10.234.4.254-3A6080_&d=DwMFaQ&c=7DfhQjPWzR3PmWBQVpi-kw&r=kcVpZ83Oz_eaC5ai7r0u5Lr9tm-XLxYP8p3M7dVqMRE&m=1Adg7vGOXlSG6APP4UkY8BsR8ZLnoMtM0brfkZ45XB8&s=fxYdJ5Pp_sTSdjH6NzdoPKnee_trBCfo_RSYDZBCBvE&e=> SYNC_SOURCE = ldap SYNC_INTERVAL = 1 SYNC_LDAP_URL = ldap://10.234.3.243:389 SYNC_LDAP_BIND_DN = administra...@adapt.ad.com<mailto:administra...@adapt.ad.com> SYNC_LDAP_BIND_PASSWORD = ****** SYNC_LDAP_SEARCH_BASE = ou=Users,dc=adapt,dc=ad,dc=com Here is the usersync log: 06 Jun 2019 16:57:35 INFO UnixAuthenticationService [main] - Starting User Sync Service! 06 Jun 2019 16:57:35 INFO AbstractMapper [UnixUserSyncThread] - Initializing for ranger.usersync.mapping.username.regex 06 Jun 2019 16:57:35 INFO AbstractMapper [UnixUserSyncThread] - Initializing for ranger.usersync.mapping.groupname.regex 06 Jun 2019 16:57:35 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder created 06 Jun 2019 16:57:35 INFO UserGroupSyncConfig [UnixUserSyncThread] - Sleep Time Between Cycle can not be lower than [3600000] millisec. resetting to min value. 06 Jun 2019 16:57:35 INFO UserGroupSync [UnixUserSyncThread] - initializing sink: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder 06 Jun 2019 16:57:35 WARN NativeCodeLoader [UnixUserSyncThread] - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable 06 Jun 2019 16:57:36 INFO AbstractMapper [UnixUserSyncThread] - Initializing for ranger.usersync.mapping.username.regex 06 Jun 2019 16:57:36 INFO AbstractMapper [UnixUserSyncThread] - Initializing for ranger.usersync.mapping.groupname.regex 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder created 06 Jun 2019 16:57:36 INFO UserGroupSync [UnixUserSyncThread] - initializing source: org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder initialization started 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder initialization completed with -- ldapUrl: ldap://10.234.3.243:389<https://urldefense.proofpoint.com/v2/url?u=http-3A__10.234.3.243-3A389&d=DwMFaQ&c=7DfhQjPWzR3PmWBQVpi-kw&r=kcVpZ83Oz_eaC5ai7r0u5Lr9tm-XLxYP8p3M7dVqMRE&m=1Adg7vGOXlSG6APP4UkY8BsR8ZLnoMtM0brfkZ45XB8&s=q-Ou6o5QymJh91zjDUEZ8dcCw1yCAgVkas2t3YoAPe8&e=>, ldapBindDn: administra...@adapt.ad.com<mailto:administra...@adapt.ad.com>, ldapBindPassword: ***** , ldapAuthenticationMechanism: simple, searchBase: cn=users,dc=adapt,dc=ad,dc=com, userSearchBase: [cn=users,dc=adapt,dc=ad,dc=com], userSearchScope: 2, userObjectClass: person, userSearchFilter: , extendedUserSearchFilter: null, userNameAttribute: cn, userSearchAttributes: [uSNChanged, cn, memberof, ismemberof, modifytimestamp], userGroupNameAttributeSet: [memberof, ismemberof], pagedResultsEnabled: true, pagedResultsSize: 500, groupSearchEnabled: false, groupSearchBase: [cn=users,dc=adapt,dc=ad,dc=com], groupSearchScope: 2, groupObjectClass: groupofnames, groupSearchFilter: , extendedGroupSearchFilter: (&null(|(member={0})(member={1}))), extendedAllGroupsSearchFilter: null, groupMemberAttributeName: member, groupNameAttribute: cn, groupSearchAttributes: [uSNChanged, member, cn, modifytimestamp], groupUserMapSyncEnabled: false, groupSearchFirstEnabled: false, userSearchEnabled: true, ldapReferral: ignore 06 Jun 2019 16:57:36 INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group from source==>sink 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Performing user search first 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedUserSearchFilter = (&(objectclass=person)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z))) 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal = 3723and currentDeltaSyncTime = 3723 06 Jun 2019 16:57:36 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - longGroupName: CN=Enterprise Admins,CN=Users,DC=adapt,DC=ad,DC=com, groupName: Enterprise Admins 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 1, userName: AWSAdminD-9267114D60 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal = 3771and currentDeltaSyncTime = 3771 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - longGroupName: CN=Application.Adapt.Adapt_Eng,CN=Users,DC=adapt,DC=ad,DC=com, groupName: Application.Adapt.Adapt_Eng 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 2, userName: Helene Treadwell 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal = 3756and currentDeltaSyncTime = 3756 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - longGroupName: CN=Administrators,CN=Builtin,DC=adapt,DC=ad,DC=com, groupName: Administrators 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - longGroupName: CN=Group Policy Creator Owners,CN=Users,DC=adapt,DC=ad,DC=com, groupName: Group Policy Creator Owners 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - longGroupName: CN=Schema Admins,CN=Users,DC=adapt,DC=ad,DC=com, groupName: Schema Admins 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - longGroupName: CN=Domain Admins,CN=Users,DC=adapt,DC=ad,DC=com, groupName: Domain Admins 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 3, userName: Administrator 06 Jun 2019 16:57:37 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal = 3993and currentDeltaSyncTime = 3993 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 4, userName: Sanjay Darisi 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal = 3786and currentDeltaSyncTime = 3786 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - longGroupName: CN=Application.Adapt.Adapt_Eng,CN=Users,DC=adapt,DC=ad,DC=com, groupName: Application.Adapt.Adapt_Eng 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 5, userName: Steve Hall 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal = 3547and currentDeltaSyncTime = 3547 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - longGroupName: CN=Denied RODC Password Replication Group,CN=Users,DC=adapt,DC=ad,DC=com, groupName: Denied RODC Password Replication Group 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 6, userName: krbtgt 06 Jun 2019 16:57:38 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal = 3546and currentDeltaSyncTime = 3546 06 Jun 2019 16:57:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - longGroupName: CN=Guests,CN=Builtin,DC=adapt,DC=ad,DC=com, groupName: Guests 06 Jun 2019 16:57:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 7, userName: Guest 06 Jun 2019 16:57:39 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getUsers() completed with user count: 7 06 Jun 2019 16:57:39 INFO UserGroupSync [UnixUserSyncThread] - End: initial load of user/group from source==>sink 06 Jun 2019 16:57:39 INFO UserGroupSync [UnixUserSyncThread] - Done initializing user/group source and sink 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling Unix Auth Service! 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling Protocol: [SSLv2Hello] 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1] 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1.1] 06 Jun 2019 16:57:40 INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1.2] 06 Jun 2019 17:40:59 INFO PasswordValidator [Thread-11] - Response [FAILED: [admin] does not exists.] for user: admin 06 Jun 2019 21:12:23 INFO PasswordValidator [Thread-12] - Response [FAILED: [admin] does not exists.] for user: admin 06 Jun 2019 21:12:26 INFO PasswordValidator [Thread-13] - Response [FAILED: [admin] does not exists.] for user: admin 06 Jun 2019 22:39:30 INFO PasswordValidator [Thread-14] - Response [FAILED: [admin] does not exists.] for user: admin -Helene Treadwell
sample.log
Description: sample.log
