Hi Loic, I see that you have below config properties for group search. In this case the groups are retrieved from "dc=cmb,dc=blabla,dc=org" search base. Can you check if "CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org" group is under the configured search base? groupSearchEnabled: true, groupSearchBase: [dc=cmb,dc=blabla,dc=org], groupSearchScope: 2, groupObjectClass: groupofnames, May be if you provide usersync logs, that can help to analyze further
Thanks, Sailaja. On Thu, Mar 21, 2024 at 8:00 AM Loïc CHANEL <loic.cha...@telecomnancy.net> wrote: > Hi team, > Am I the only one experiencing this issue ? > Thanks, > > Loïc > > > Le lun. 19 févr. 2024 à 12:38, Loïc CHANEL <loic.cha...@telecomnancy.net> > a écrit : > >> Hi guys, >> >> Since 2.4, LDAP information retrieval to create groups seems broken. My >> sync issues are solved for users, but I'm still unable to pull groups from >> LDAP. For instance, here are the information in the LDAP from my user : >> sn: CHANEL >> postOfficeBox: someValue >> givenName: LOIC >> displayName: CHANEL LOIC >> memberOf: CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org >> name: LCH657 >> mail: loic.cha...@telecomnancy.net >> >> Now here is my configuration on Ranger side : >> <property> >> <name>ranger.usersync.ldap.user.groupnameattribute</name> >> <value>postOfficeBox,memberOf</value> >> </property> >> >> And I can even see that the retrieval is going that way : >> 9 Feb 2024 12:16:56 INFO o.a.r.l.p.LdapUserGroupBuilder >> [UnixUserSyncThread] - LdapUserGroupBuilder initialization completed with >> -- ldapUrl: ldap://cmb.blabla.org:389, ldapBindDn: >> CN=LCH657,ou=COCM,ou=utilisateurs,dc=cmb,dc=blabla,dc=org, >> ldapBindPassword: ***** , ldapAuthenticationMechanism: simple, >> searchBase: dc=cmb,dc=blabla,dc=org, userSearchBase: >> [ou=COCM,ou=utilisateurs,dc=cmb,dc=blabla,dc=org], userSearchScope: 2, >> userObjectClass: organizationalPerson, userSearchFilter: >> (memberOf=CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org), >> extendedUserSearchFilter: null, userNameAttribute: name, >> userSearchAttributes: [postOfficeBox, uSNChanged, name, memberOf, >> modifytimestamp, objectid, userurincipaluame], userGroupNameAttributeSet: >> [postOfficeBox, memberOf], otherUserAttributes: [userurincipaluame], >> pagedResultsEnabled: true, pagedResultsSize: 500, groupSearchEnabled: >> true, groupSearchBase: [dc=cmb,dc=blabla,dc=org], groupSearchScope: 2, >> groupObjectClass: groupofnames, groupSearchFilter: , >> extendedGroupSearchFilter: (&null(|(member={0})(member={1}))), >> extendedAllGroupsSearchFilter: null, groupMemberAttributeName: member, >> groupNameAttribute: cn, groupSearchAttributes: [uSNChanged, displayname, >> member, cn, modifytimestamp, objectid], groupSearchFirstEnabled: true, >> userSearchEnabled: true, ldapReferral: ignore >> >> But in Ranger, my user is created without any group. What am I missing ? >> Thanks, >> >> >> Loïc CHANEL >> Technical leader Big Data >> Capgemini (Lyon, France) >> >
