And now it works perfectly. Thanks!

I'm curious about that option: could you provide more details? Why does it trigger the usage of SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE parameter to do exactly what I was trying to achieve? And what was the previous behaviour?

Thanks a lot for your help,
Loïc

On Fri, Mar 22, 2024 at 15:34, Sailaja Polavarapu <spolavar...@cloudera.com> wrote:

> Oh ok. In this case can you try setting
> ranger.usersync.group.searchenabled to false?
>
> On Fri, Mar 22, 2024 at 1:27 AM Loïc CHANEL <loic.cha...@telecomnancy.net>
> wrote:
>
>> Hi Sailaja,
>>
>> Actually, the groups are not stored in the LDAP I'm querying (or at least
>> I can't access them), so I'm retrieving the groups using
>> the SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE parameter, which I configured but
>> doesn't seem to work as I expected.
>> As a matter of fact, I'm successfully retrieving users from the LDAP with
>> a postOfficeBox field, but setting SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE =
>> postOfficeBox does not retrieve the value of the field to create a group.
>>
>> Let me give you an example to clarify. From the LDAP I'm retrieving the
>> following user:
>>
>> sn: DOE
>> postOfficeBox: 9001928
>> givenName: JOHN
>> displayName: DOE JOHN
>> memberOf: CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org
>> name: FOO123
>> mail: john....@blabla.com
>>
>> The field I'm really interested in for group purposes is postOfficeBox.
>> So by setting SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = postOfficeBox I expect
>> Usersync to create a group named "9001928" and add John Doe to that group,
>> but it doesn't work. Does Usersync only expect groups with LDAP structure
>> (like the memberOf line)?
>> Thanks,
>>
>> Loïc
>>
>> On Thu, Mar 21, 2024 at 22:51, Sailaja Polavarapu <
>> spolavar...@cloudera.com> wrote:
>>
>>> Hi Loic,
>>> I see that you have the below config properties for group search. In this
>>> case the groups are retrieved from "dc=cmb,dc=blabla,dc=org" search base.
>>> Can you check if "CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org"
>>> group is under the configured search base?
>>> groupSearchEnabled: true, groupSearchBase: [dc=cmb,dc=blabla,dc=org],
>>> groupSearchScope: 2, groupObjectClass: groupofnames,
>>> Maybe if you provide usersync logs, that can help to analyze further.
>>>
>>> Thanks,
>>> Sailaja.
>>>
>>> On Thu, Mar 21, 2024 at 8:00 AM Loïc CHANEL <
>>> loic.cha...@telecomnancy.net> wrote:
>>>
>>>> Hi team,
>>>> Am I the only one experiencing this issue?
>>>> Thanks,
>>>>
>>>> Loïc
>>>>
>>>> On Mon, Feb 19, 2024 at 12:38, Loïc CHANEL <
>>>> loic.cha...@telecomnancy.net> wrote:
>>>>
>>>>> Hi guys,
>>>>>
>>>>> Since 2.4, LDAP information retrieval to create groups seems broken.
>>>>> My sync issues are solved for users, but I'm still unable to pull groups
>>>>> from LDAP. For instance, here is the information in the LDAP for my
>>>>> user:
>>>>> sn: CHANEL
>>>>> postOfficeBox: someValue
>>>>> givenName: LOIC
>>>>> displayName: CHANEL LOIC
>>>>> memberOf: CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org
>>>>> name: LCH657
>>>>> mail: loic.cha...@telecomnancy.net
>>>>>
>>>>> Now here is my configuration on Ranger side:
>>>>> <property>
>>>>>   <name>ranger.usersync.ldap.user.groupnameattribute</name>
>>>>>   <value>postOfficeBox,memberOf</value>
>>>>> </property>
>>>>>
>>>>> And I can even see that the retrieval is going that way:
>>>>> 9 Feb 2024 12:16:56 INFO o.a.r.l.p.LdapUserGroupBuilder
>>>>> [UnixUserSyncThread] - LdapUserGroupBuilder initialization completed with
>>>>> -- ldapUrl: ldap://cmb.blabla.org:389, ldapBindDn:
>>>>> CN=LCH657,ou=COCM,ou=utilisateurs,dc=cmb,dc=blabla,dc=org,
>>>>> ldapBindPassword: ***** , ldapAuthenticationMechanism: simple,
>>>>> searchBase: dc=cmb,dc=blabla,dc=org, userSearchBase:
>>>>> [ou=COCM,ou=utilisateurs,dc=cmb,dc=blabla,dc=org], userSearchScope: 2,
>>>>> userObjectClass: organizationalPerson, userSearchFilter:
>>>>> (memberOf=CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org),
>>>>> extendedUserSearchFilter: null, userNameAttribute: name,
>>>>> userSearchAttributes: [postOfficeBox, uSNChanged, name, memberOf,
>>>>> modifytimestamp, objectid, userurincipaluame], userGroupNameAttributeSet:
>>>>> [postOfficeBox, memberOf], otherUserAttributes: [userurincipaluame],
>>>>> pagedResultsEnabled: true, pagedResultsSize: 500, groupSearchEnabled:
>>>>> true, groupSearchBase: [dc=cmb,dc=blabla,dc=org], groupSearchScope: 2,
>>>>> groupObjectClass: groupofnames, groupSearchFilter: ,
>>>>> extendedGroupSearchFilter: (&null(|(member={0})(member={1}))),
>>>>> extendedAllGroupsSearchFilter: null, groupMemberAttributeName: member,
>>>>> groupNameAttribute: cn, groupSearchAttributes: [uSNChanged, displayname,
>>>>> member, cn, modifytimestamp, objectid], groupSearchFirstEnabled: true,
>>>>> userSearchEnabled: true, ldapReferral: ignore
>>>>>
>>>>> But in Ranger, my user is created without any group. What am I missing?
>>>>> Thanks,
>>>>>
>>>>> Loïc CHANEL
>>>>> Technical leader Big Data
>>>>> Capgemini (Lyon, France)
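
The search-base check requested in the thread (is the `memberOf` group DN under the configured `groupSearchBase`?) can be run directly against the usersync startup line. This is an added example, not part of the thread and not Ranger code: the sample log is a constructed abridgement of the quoted line, and the function names are hypothetical.

```python
import re

# Constructed sample: abridged from the usersync startup line quoted in the thread.
SAMPLE_LOG = (
    "LdapUserGroupBuilder initialization completed with -- "
    "userGroupNameAttributeSet: [postOfficeBox, memberOf], "
    "groupSearchEnabled: true, groupSearchBase: [dc=cmb,dc=blabla,dc=org], "
    "groupSearchScope: 2, groupObjectClass: groupofnames"
)
MEMBER_OF = "CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org"


def parse_settings(line):
    """Return {key: value} for the 'key: value' pairs after the '--' marker."""
    body = line.split("--", 1)[1]
    # A value is either a bracketed list or plain text up to the next comma.
    pairs = re.findall(r"(\w+):\s*(\[[^\]]*\]|[^,\[\]]*)", body)
    return {key: value.strip() for key, value in pairs}


def split_rdns(dn):
    """Split a DN into lower-cased (attribute, value) RDNs; '\\,' is not a separator."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def is_under_base(dn, base):
    """True when base is an RDN-wise suffix of dn, so 'xdc=cmb' never matches 'dc=cmb'."""
    d, b = split_rdns(dn), split_rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def check_group_dn(line, group_dn):
    """Summarise the group-search settings and whether group_dn falls under the base."""
    settings = parse_settings(line)
    # Assumption: the bracketed groupSearchBase holds a single base DN, as in the thread.
    base = settings.get("groupSearchBase", "").strip("[]")
    return {
        "group_search_enabled": settings.get("groupSearchEnabled") == "true",
        "group_search_base": base,
        "group_dn_under_base": is_under_base(group_dn, base),
    }


if __name__ == "__main__":
    print(check_group_dn(SAMPLE_LOG, MEMBER_OF))
```

With the values quoted in the thread, the group DN ends in `DC=blabla,DC=org` and so is not under `dc=cmb,dc=blabla,dc=org`.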