Re: Groups not retrieved

Thu, 21 Mar 2024 08:00:34 -0700 

Hi team,
Am I the only one experiencing this issue ?
Thanks,

Loïc


Le lun. 19 févr. 2024 à 12:38, Loïc CHANEL <loic.cha...@telecomnancy.net> a
écrit :

> Hi guys,
>
> Since 2.4, LDAP information retrieval to create groups seems broken. My
> sync issues are solved for users, but I'm still unable to pull groups from
> LDAP. For instance, here are the information in the LDAP from my user :
> sn: CHANEL
> postOfficeBox: someValue
> givenName: LOIC
> displayName: CHANEL LOIC
> memberOf: CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org
> name: LCH657
> mail: loic.cha...@telecomnancy.net
>
> Now here is my configuration on Ranger side :
>         <property>
>                 <name>ranger.usersync.ldap.user.groupnameattribute</name>
>                 <value>postOfficeBox,memberOf</value>
>         </property>
>
> And I can even see that the retrieval is going that way :
> 9 Feb 2024 12:16:56  INFO o.a.r.l.p.LdapUserGroupBuilder
> [UnixUserSyncThread] - LdapUserGroupBuilder initialization completed with
> --  ldapUrl: ldap://cmb.blabla.org:389,  ldapBindDn:
> CN=LCH657,ou=COCM,ou=utilisateurs,dc=cmb,dc=blabla,dc=org,
>  ldapBindPassword: ***** ,  ldapAuthenticationMechanism: simple,
>  searchBase: dc=cmb,dc=blabla,dc=org,  userSearchBase:
> [ou=COCM,ou=utilisateurs,dc=cmb,dc=blabla,dc=org],  userSearchScope: 2,
>  userObjectClass: organizationalPerson,  userSearchFilter:
> (memberOf=CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org),
>  extendedUserSearchFilter: null,  userNameAttribute: name,
>  userSearchAttributes: [postOfficeBox, uSNChanged, name, memberOf,
> modifytimestamp, objectid, userurincipaluame],  userGroupNameAttributeSet:
> [postOfficeBox, memberOf],  otherUserAttributes: [userurincipaluame],
>  pagedResultsEnabled: true,  pagedResultsSize: 500,  groupSearchEnabled:
> true,  groupSearchBase: [dc=cmb,dc=blabla,dc=org],  groupSearchScope: 2,
>  groupObjectClass: groupofnames,  groupSearchFilter: ,
>  extendedGroupSearchFilter: (&null(|(member={0})(member={1}))),
>  extendedAllGroupsSearchFilter: null,  groupMemberAttributeName: member,
>  groupNameAttribute: cn, groupSearchAttributes: [uSNChanged, displayname,
> member, cn, modifytimestamp, objectid], groupSearchFirstEnabled: true,
> userSearchEnabled: true,  ldapReferral: ignore
>
> But in Ranger, my user is created without any group. What am I missing ?
> Thanks,
>
>
> Loïc CHANEL
> Technical leader Big Data
> Capgemini (Lyon, France)
>

Reply via email to