Hi, All, Client system is LINUX and LDAP server is MICROSOFT (alas).
Usersync is not working. Log warnings here: 27 May 2024 08:42:50 WARN o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401. 27 May 2024 08:42:50 INFO o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - PolicyMgrUserGroupBuilder.buildGroupList(): No. of groups retrieved from ranger admin 0 27 May 2024 08:42:50 WARN o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401. 27 May 2024 08:42:50 INFO o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - PolicyMgrUserGroupBuilder.buildUserList(): No. of users retrieved from ranger admin = 0 27 May 2024 08:42:50 WARN o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401. 27 May 2024 08:42:50 INFO o.a.r.u.UserGroupSync [UnixUserSyncThread] - initializing source: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder I have run a manual ldapsearch with ldapsearch -H ldaps://ldapsearch.eset.corp -x -W -D [email protected]<mailto:[email protected]> -b "ou=eset,dc=eset,dc=corp" "(|(sAMAccountName="SG-Fred-Admins")(sAMAccountName="SG-Fred-Operations"))" and this produces the expected results. For usersync config, I have tried the URI with and without the port, and with both ldap:// and ldaps:// SYNC_LDAP_URL = ldaps://ldapsearch.eset.corp:636 SYNC_LDAP_URL = ldaps://ldapsearch.eset.corp SYNC_LDAP_URL = ldap://ldapsearch.eset.corp I have tried the BIND DN with every attribute and with the base attributes and get the same result. SYNC_LDAP_BIND_DN = CN=SVC.SK.fred,OU=Xxxxxx accounts,OU=SVC,OU=SK,OU=ESET,DC=eset,DC=corp SYNC_LDAP_BIND_DN = CN=fred,OU=ESET,DC=eset,DC=corp SYNC_LDAP_BIND_DN = CN=fred,DC=eset,DC=corp If ldapsearch works perfectly fine, any ideas why USERSYNC config is causing problems with correctly connecting? I have tried looking around but cannot find any articles which help. Thanks Marc
