Groups not retrieved

Mon, 19 Feb 2024 03:38:50 -0800 

Hi guys,

Since 2.4, LDAP information retrieval to create groups seems broken. My
sync issues are solved for users, but I'm still unable to pull groups from
LDAP. For instance, here are the information in the LDAP from my user :
sn: CHANEL
postOfficeBox: someValue
givenName: LOIC
displayName: CHANEL LOIC
memberOf: CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org
name: LCH657
mail: loic.cha...@telecomnancy.net

Now here is my configuration on Ranger side :
        <property>
                <name>ranger.usersync.ldap.user.groupnameattribute</name>
                <value>postOfficeBox,memberOf</value>
        </property>

And I can even see that the retrieval is going that way :
9 Feb 2024 12:16:56  INFO o.a.r.l.p.LdapUserGroupBuilder
[UnixUserSyncThread] - LdapUserGroupBuilder initialization completed with
--  ldapUrl: ldap://cmb.blabla.org:389,  ldapBindDn:
CN=LCH657,ou=COCM,ou=utilisateurs,dc=cmb,dc=blabla,dc=org,
 ldapBindPassword: ***** ,  ldapAuthenticationMechanism: simple,
 searchBase: dc=cmb,dc=blabla,dc=org,  userSearchBase:
[ou=COCM,ou=utilisateurs,dc=cmb,dc=blabla,dc=org],  userSearchScope: 2,
 userObjectClass: organizationalPerson,  userSearchFilter:
(memberOf=CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org),
 extendedUserSearchFilter: null,  userNameAttribute: name,
 userSearchAttributes: [postOfficeBox, uSNChanged, name, memberOf,
modifytimestamp, objectid, userurincipaluame],  userGroupNameAttributeSet:
[postOfficeBox, memberOf],  otherUserAttributes: [userurincipaluame],
 pagedResultsEnabled: true,  pagedResultsSize: 500,  groupSearchEnabled:
true,  groupSearchBase: [dc=cmb,dc=blabla,dc=org],  groupSearchScope: 2,
 groupObjectClass: groupofnames,  groupSearchFilter: ,
 extendedGroupSearchFilter: (&null(|(member={0})(member={1}))),
 extendedAllGroupsSearchFilter: null,  groupMemberAttributeName: member,
 groupNameAttribute: cn, groupSearchAttributes: [uSNChanged, displayname,
member, cn, modifytimestamp, objectid], groupSearchFirstEnabled: true,
userSearchEnabled: true,  ldapReferral: ignore

But in Ranger, my user is created without any group. What am I missing ?
Thanks,


Loïc CHANEL
Technical leader Big Data
Capgemini (Lyon, France)

Reply via email to