Hi Sailaja,

Actually, the groups are not stored in the LDAP I'm querying (or at least I can't access them), so I'm retrieving the groups using the SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE parameter, which I configured but doesn't seem to work as I expected. As a matter of fact, I'm successfully retrieving users from the LDAP with a postOfficeBox field, but setting SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = postOfficeBox does not retrieve the value of the field to create a group.

Let me give you an example to clarify. From the LDAP I'm retrieving the following user:

sn: DOE
postOfficeBox: 9001928
givenName: JOHN
displayName: DOE JOHN
memberOf: CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org
name: FOO123
mail: john....@blabla.com

The field I'm really interested in for group purposes is postOfficeBox. So by setting SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = postOfficeBox I expect Usersync to create a group named "9001928" and add John Doe to that group, but it doesn't work. Does Usersync only expect groups with LDAP structure (like the memberOf line)?

Thanks,
Loïc

On Thu, Mar 21, 2024 at 22:51, Sailaja Polavarapu <spolavar...@cloudera.com> wrote:

> Hi Loic,
> I see that you have below config properties for group search. In this
> case the groups are retrieved from "dc=cmb,dc=blabla,dc=org" search base.
> Can you check if "CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org"
> group is under the configured search base?
> groupSearchEnabled: true, groupSearchBase: [dc=cmb,dc=blabla,dc=org],
> groupSearchScope: 2, groupObjectClass: groupofnames,
> Maybe if you provide usersync logs, that can help to analyze further
>
> Thanks,
> Sailaja.
>
> On Thu, Mar 21, 2024 at 8:00 AM Loïc CHANEL <loic.cha...@telecomnancy.net>
> wrote:
>
>> Hi team,
>> Am I the only one experiencing this issue?
>> Thanks,
>>
>> Loïc
>>
>>
>> On Mon, Feb 19, 2024 at 12:38, Loïc CHANEL <loic.cha...@telecomnancy.net>
>> wrote:
>>
>>> Hi guys,
>>>
>>> Since 2.4, LDAP information retrieval to create groups seems broken. My
>>> sync issues are solved for users, but I'm still unable to pull groups from
>>> LDAP.
>>> For instance, here is the information in the LDAP from my user:
>>> sn: CHANEL
>>> postOfficeBox: someValue
>>> givenName: LOIC
>>> displayName: CHANEL LOIC
>>> memberOf: CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org
>>> name: LCH657
>>> mail: loic.cha...@telecomnancy.net
>>>
>>> Now here is my configuration on Ranger side:
>>> <property>
>>> <name>ranger.usersync.ldap.user.groupnameattribute</name>
>>> <value>postOfficeBox,memberOf</value>
>>> </property>
>>>
>>> And I can even see that the retrieval is going that way:
>>> 9 Feb 2024 12:16:56 INFO o.a.r.l.p.LdapUserGroupBuilder
>>> [UnixUserSyncThread] - LdapUserGroupBuilder initialization completed with
>>> -- ldapUrl: ldap://cmb.blabla.org:389, ldapBindDn:
>>> CN=LCH657,ou=COCM,ou=utilisateurs,dc=cmb,dc=blabla,dc=org,
>>> ldapBindPassword: ***** , ldapAuthenticationMechanism: simple,
>>> searchBase: dc=cmb,dc=blabla,dc=org, userSearchBase:
>>> [ou=COCM,ou=utilisateurs,dc=cmb,dc=blabla,dc=org], userSearchScope: 2,
>>> userObjectClass: organizationalPerson, userSearchFilter:
>>> (memberOf=CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org),
>>> extendedUserSearchFilter: null, userNameAttribute: name,
>>> userSearchAttributes: [postOfficeBox, uSNChanged, name, memberOf,
>>> modifytimestamp, objectid, userurincipaluame], userGroupNameAttributeSet:
>>> [postOfficeBox, memberOf], otherUserAttributes: [userurincipaluame],
>>> pagedResultsEnabled: true, pagedResultsSize: 500, groupSearchEnabled:
>>> true, groupSearchBase: [dc=cmb,dc=blabla,dc=org], groupSearchScope: 2,
>>> groupObjectClass: groupofnames, groupSearchFilter: ,
>>> extendedGroupSearchFilter: (&null(|(member={0})(member={1}))),
>>> extendedAllGroupsSearchFilter: null, groupMemberAttributeName: member,
>>> groupNameAttribute: cn, groupSearchAttributes: [uSNChanged, displayname,
>>> member, cn, modifytimestamp, objectid], groupSearchFirstEnabled: true,
>>> userSearchEnabled: true, ldapReferral: ignore
>>>
>>> But in Ranger, my user is created
>>> without any group. What am I missing?
>>> Thanks,
>>>
>>>
>>> Loïc CHANEL
>>> Technical leader Big Data
>>> Capgemini (Lyon, France)
>>>
>>
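
The check Sailaja asks for in the quoted reply (is the `memberOf` group DN under the configured `groupSearchBase`?), together with a structural check of the logged `extendedGroupSearchFilter`, as an added example that is not part of the thread and not Ranger code. The function names are hypothetical, the DN parsing is simplified, and the sample values are copied from the messages above; how Ranger usersync itself evaluates them is not shown here.

```python
import re

def split_dn(dn):
    """Split a DN into normalized (type, value) RDN pairs.

    Simplified: honors backslash-escaped commas, ignores multi-valued RDNs.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def is_under_base(dn, base):
    """True when dn equals base or lies below it in the directory tree."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def groups_outside_bases(member_of, search_bases):
    """memberOf DNs that a group search limited to search_bases cannot reach."""
    return [g for g in member_of
            if not any(is_under_base(g, b) for b in search_bases)]

def filter_problems(ldap_filter):
    """Structural checks against the RFC 4515 filter grammar."""
    problems, depth = [], 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    # RFC 4515: '&', '|' and '!' must be followed directly by a '(' filter.
    if re.search(r"\((?:&|\||!)(?!\()", ldap_filter):
        problems.append("operator not followed by '('")
    return problems

# Values copied from the messages above.
GROUP_SEARCH_BASES = ["dc=cmb,dc=blabla,dc=org"]
MEMBER_OF = ["CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org"]
BIND_DN = "CN=LCH657,ou=COCM,ou=utilisateurs,dc=cmb,dc=blabla,dc=org"
LOGGED_FILTER = "(&null(|(member={0})(member={1})))"

if __name__ == "__main__":
    print("outside groupSearchBase:", groups_outside_bases(MEMBER_OF, GROUP_SEARCH_BASES))
    print("bind DN under base:", is_under_base(BIND_DN, GROUP_SEARCH_BASES[0]))
    print("extendedGroupSearchFilter:", filter_problems(LOGGED_FILTER))
```
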