the only issue i can see is that the member group list has some groups with
space in them "ho proxy" .. "nro proxy" ..
options
> can test by removing user member ship from groups with space in the names
..then check sync
> as Ramesh said you can try to move to a newer version ..
this is a long shot but did work for me once when i was testing initially
with lots of changes being done on config ..and ranger had pulled
incomplete group/user list in the 1st attempt ..
> stop ranger user sync ..
> delete all the groups and user using ranger REST API
....
https://github.com/apache/incubator-ranger/blob/master/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
.... group delete e.g.
curl -i -X DELETE --header "AcceptDELETEplication/json" -H
"Content-Type: application/json" -u admin:admin
http://<ranger-ip/fqdn>:6080/service/xusers/groups/{<comma
seperated group id's>}
.... user delete e.g.
curl -i -X DELETE --header "Accept:application/json" -H
"Content-Type: application/json" -u admin:admin
http://<ranger-ip/fqdn>:6080/service/xusers/users/{<comma
seperated user id's>}
> Re-start ranger admin and start ranger user sync ..
*Cheers !!*
Arvind
On Tue, Nov 10, 2015 at 11:18 PM, Kashif Khan <[email protected]> wrote:
> Thanks for your response Arvind. Here is the log. The group name I have
> issue with is "*PRV-BUS-DataScientist-DISABILITY*" that is not showing in
> Ranger. However, the other group "*prv-bus-datascientist-life*" that was
> added same day and being pulled in ranger successfully.
>
>
> 10 Nov 2015 12:04:40 INFO LdapUserGroupBuilder [UnixUserSyncThread] -
> longGroupName:
> CN=*PRV-BUS-DataScientist-DISABILITY*,OU=Security-Groups,DC=domain_name,DC=com,
> groupName: PRV-BUS-DataScientist-DISABILITY
>
> 10 Nov 2015 12:04:40 INFO LdapUserGroupBuilder [UnixUserSyncThread] -
> Updating user count: 57, userName: xyza1b, groupList:
> [domain_name-w7-admin-wkstn-users, wireless_production,
> *prv-bus-datascientist-life*, ho proxy, vpnusers,
> domain_name-w7-std-user-g, nro proxy, prv-bus-datascientist-disability,
> domain_name-w7-std-user-fr-g, wireless_location]
>
> 10 Nov 2015 12:04:40 DEBUG PolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - INFO: addPMXAGroupToUser(xyza1b,prv-bus-datascientist-disability)
>
> 10 Nov 2015 12:04:40 INFO LdapUserGroupBuilder [UnixUserSyncThread] -
> longGroupName:
> *CN=PRV-BUS-DataScientist-DISABILITY*,OU=Security-Groups,DC=domain_name,DC=com,
> groupName: PRV-BUS-DataScientist-DISABILITY
>
> 10 Nov 2015 12:04:40 INFO LdapUserGroupBuilder [UnixUserSyncThread] -
> Updating user count: 59, userName: xyza2b, groupList:
> [domain_name-w7-admin-wkstn-users, wireless_production,
> prv-bus-datascientist-life, ho proxy, vpnusers, domain_name-w7-std-user-g,
> nro proxy, prv-bus-datascientist-disability, domain_name-w7-std-user-fr-g,
> wireless_location]
>
> 10 Nov 2015 12:04:40 DEBUG PolicyMgrUserGroupBuilder [UnixUserSyncThread]
> - INFO: addPMXAGroupToUser(xyza2b,prv-bus-datascientist-disability)
>
>
>
>
> On Tue, Nov 10, 2015 at 1:52 AM, Arvind S <[email protected]> wrote:
>
>> can you post the log section where you see the groups and users being
>> pulled ..
>> i have had issues when using AD (internally setting were using LDAP in
>> AD) as user/group source and user/ group names had spaces or dots in them.
>>
>> If possible update to ranger .5 it has some better handling.
>>
>>
>> *Cheers !!*
>> Arvind
>>
>> On Tue, Nov 10, 2015 at 9:34 AM, Kashif Khan <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> I am trying to pull one LDAP group into ranger but it is not being
>>> added. Looking at usersync.log, the group is being pulled and users are
>>> added to that group, but I am not able to figure out why group is not
>>> showing up in either ranger x_group table or ranger UI.
>>>
>>> Tried to run usersync process in debug mode with no luck. Would
>>> appreciate any help. I am using 0.4 version.
>>>
>>> --
>>> Thanks,
>>> Kashif
>>>
>>>
>>>
>>
>
>
> --
> Thanks,
> Kashif
>
