Hi Arvind, Deleting all users and groups and pulling them again didn't help. Still same issue. Looks like upgrade is the only option.
I have another question, where can I check the logs for all ranger policy changes logs. I know it is written in ranger_audit db but is it possible to log that in a log file. Thanks, Kashif On Wed, Nov 11, 2015 at 11:14 PM, Kashif Khan <[email protected]> wrote: > Thanks Arvind, I will try that tomorrow and will see if it get fixed. > > On Wed, Nov 11, 2015 at 11:10 PM, Arvind S <[email protected]> wrote: > >> the only issue i can see is that the member group list has some groups >> with space in them "ho proxy" .. "nro proxy" .. >> options >> > can test by removing user member ship from groups with space in the >> names ..then check sync >> > as Ramesh said you can try to move to a newer version .. >> >> this is a long shot but did work for me once when i was testing initially >> with lots of changes being done on config ..and ranger had pulled >> incomplete group/user list in the 1st attempt .. >> > stop ranger user sync .. >> > delete all the groups and user using ranger REST API >> .... >> https://github.com/apache/incubator-ranger/blob/master/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java >> >> .... group delete e.g. >> curl -i -X DELETE --header "AcceptDELETEplication/json" -H >> "Content-Type: application/json" -u admin:admin >> http://<ranger-ip/fqdn>:6080/service/xusers/groups/{<comma >> seperated group id's>} >> .... user delete e.g. >> curl -i -X DELETE --header "Accept:application/json" -H >> "Content-Type: application/json" -u admin:admin >> http://<ranger-ip/fqdn>:6080/service/xusers/users/{<comma >> seperated user id's>} >> >> > Re-start ranger admin and start ranger user sync .. >> >> >> >> *Cheers !!* >> Arvind >> >> On Tue, Nov 10, 2015 at 11:18 PM, Kashif Khan <[email protected]> wrote: >> >>> Thanks for your response Arvind. Here is the log. The group name I have >>> issue with is "*PRV-BUS-DataScientist-DISABILITY*" that is not showing >>> in Ranger. However, the other group "*prv-bus-datascientist-life*" that >>> was added same day and being pulled in ranger successfully. >>> >>> >>> 10 Nov 2015 12:04:40 INFO LdapUserGroupBuilder [UnixUserSyncThread] - >>> longGroupName: >>> CN=*PRV-BUS-DataScientist-DISABILITY*,OU=Security-Groups,DC=domain_name,DC=com, >>> groupName: PRV-BUS-DataScientist-DISABILITY >>> >>> 10 Nov 2015 12:04:40 INFO LdapUserGroupBuilder [UnixUserSyncThread] - >>> Updating user count: 57, userName: xyza1b, groupList: >>> [domain_name-w7-admin-wkstn-users, wireless_production, >>> *prv-bus-datascientist-life*, ho proxy, vpnusers, >>> domain_name-w7-std-user-g, nro proxy, prv-bus-datascientist-disability, >>> domain_name-w7-std-user-fr-g, wireless_location] >>> >>> 10 Nov 2015 12:04:40 DEBUG PolicyMgrUserGroupBuilder >>> [UnixUserSyncThread] - INFO: >>> addPMXAGroupToUser(xyza1b,prv-bus-datascientist-disability) >>> >>> 10 Nov 2015 12:04:40 INFO LdapUserGroupBuilder [UnixUserSyncThread] - >>> longGroupName: >>> *CN=PRV-BUS-DataScientist-DISABILITY*,OU=Security-Groups,DC=domain_name,DC=com, >>> groupName: PRV-BUS-DataScientist-DISABILITY >>> >>> 10 Nov 2015 12:04:40 INFO LdapUserGroupBuilder [UnixUserSyncThread] - >>> Updating user count: 59, userName: xyza2b, groupList: >>> [domain_name-w7-admin-wkstn-users, wireless_production, >>> prv-bus-datascientist-life, ho proxy, vpnusers, domain_name-w7-std-user-g, >>> nro proxy, prv-bus-datascientist-disability, domain_name-w7-std-user-fr-g, >>> wireless_location] >>> >>> 10 Nov 2015 12:04:40 DEBUG PolicyMgrUserGroupBuilder >>> [UnixUserSyncThread] - INFO: >>> addPMXAGroupToUser(xyza2b,prv-bus-datascientist-disability) >>> >>> >>> >>> >>> On Tue, Nov 10, 2015 at 1:52 AM, Arvind S <[email protected]> wrote: >>> >>>> can you post the log section where you see the groups and users being >>>> pulled .. >>>> i have had issues when using AD (internally setting were using LDAP in >>>> AD) as user/group source and user/ group names had spaces or dots in them. >>>> >>>> If possible update to ranger .5 it has some better handling. >>>> >>>> >>>> *Cheers !!* >>>> Arvind >>>> >>>> On Tue, Nov 10, 2015 at 9:34 AM, Kashif Khan <[email protected]> wrote: >>>> >>>>> Hi All, >>>>> >>>>> I am trying to pull one LDAP group into ranger but it is not being >>>>> added. Looking at usersync.log, the group is being pulled and users are >>>>> added to that group, but I am not able to figure out why group is not >>>>> showing up in either ranger x_group table or ranger UI. >>>>> >>>>> Tried to run usersync process in debug mode with no luck. Would >>>>> appreciate any help. I am using 0.4 version. >>>>> >>>>> -- >>>>> Thanks, >>>>> Kashif >>>>> >>>>> >>>>> >>>> >>> >>> >>> -- >>> Thanks, >>> Kashif >>> >> >> > > > -- > Thanks, > Kashif > -- Thanks, Kashif
