you want the same information in the DB table in file format ? or something more that that ..like debug? for 1st option .. in ranger 0.5 there is an option to enable logging to HDFS also .. not sure if its there in 0.4 .. if you want the 2nd then i don't have an answer right-away ..
*Cheers !!* Arvind On Fri, Nov 13, 2015 at 8:10 AM, Kashif Khan <[email protected]> wrote: > Hi Arvind, > > Deleting all users and groups and pulling them again didn't help. Still > same issue. Looks like upgrade is the only option. > > I have another question, where can I check the logs for all ranger policy > changes logs. I know it is written in ranger_audit db but is it possible to > log that in a log file. > > Thanks, > Kashif > > > > > > On Wed, Nov 11, 2015 at 11:14 PM, Kashif Khan <[email protected]> wrote: > >> Thanks Arvind, I will try that tomorrow and will see if it get fixed. >> >> On Wed, Nov 11, 2015 at 11:10 PM, Arvind S <[email protected]> wrote: >> >>> the only issue i can see is that the member group list has some groups >>> with space in them "ho proxy" .. "nro proxy" .. >>> options >>> > can test by removing user member ship from groups with space in the >>> names ..then check sync >>> > as Ramesh said you can try to move to a newer version .. >>> >>> this is a long shot but did work for me once when i was testing >>> initially with lots of changes being done on config ..and ranger had pulled >>> incomplete group/user list in the 1st attempt .. >>> > stop ranger user sync .. >>> > delete all the groups and user using ranger REST API >>> .... >>> https://github.com/apache/incubator-ranger/blob/master/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java >>> >>> .... group delete e.g. >>> curl -i -X DELETE --header "AcceptDELETEplication/json" -H >>> "Content-Type: application/json" -u admin:admin >>> http://<ranger-ip/fqdn>:6080/service/xusers/groups/{<comma >>> seperated group id's>} >>> .... user delete e.g. >>> curl -i -X DELETE --header "Accept:application/json" -H >>> "Content-Type: application/json" -u admin:admin >>> http://<ranger-ip/fqdn>:6080/service/xusers/users/{<comma >>> seperated user id's>} >>> >>> > Re-start ranger admin and start ranger user sync .. >>> >>> >>> >>> *Cheers !!* >>> Arvind >>> >>> On Tue, Nov 10, 2015 at 11:18 PM, Kashif Khan <[email protected]> wrote: >>> >>>> Thanks for your response Arvind. Here is the log. The group name I have >>>> issue with is "*PRV-BUS-DataScientist-DISABILITY*" that is not showing >>>> in Ranger. However, the other group "*prv-bus-datascientist-life*" >>>> that was added same day and being pulled in ranger successfully. >>>> >>>> >>>> 10 Nov 2015 12:04:40 INFO LdapUserGroupBuilder [UnixUserSyncThread] - >>>> longGroupName: >>>> CN=*PRV-BUS-DataScientist-DISABILITY*,OU=Security-Groups,DC=domain_name,DC=com, >>>> groupName: PRV-BUS-DataScientist-DISABILITY >>>> >>>> 10 Nov 2015 12:04:40 INFO LdapUserGroupBuilder [UnixUserSyncThread] - >>>> Updating user count: 57, userName: xyza1b, groupList: >>>> [domain_name-w7-admin-wkstn-users, wireless_production, >>>> *prv-bus-datascientist-life*, ho proxy, vpnusers, >>>> domain_name-w7-std-user-g, nro proxy, prv-bus-datascientist-disability, >>>> domain_name-w7-std-user-fr-g, wireless_location] >>>> >>>> 10 Nov 2015 12:04:40 DEBUG PolicyMgrUserGroupBuilder >>>> [UnixUserSyncThread] - INFO: >>>> addPMXAGroupToUser(xyza1b,prv-bus-datascientist-disability) >>>> >>>> 10 Nov 2015 12:04:40 INFO LdapUserGroupBuilder [UnixUserSyncThread] - >>>> longGroupName: >>>> *CN=PRV-BUS-DataScientist-DISABILITY*,OU=Security-Groups,DC=domain_name,DC=com, >>>> groupName: PRV-BUS-DataScientist-DISABILITY >>>> >>>> 10 Nov 2015 12:04:40 INFO LdapUserGroupBuilder [UnixUserSyncThread] - >>>> Updating user count: 59, userName: xyza2b, groupList: >>>> [domain_name-w7-admin-wkstn-users, wireless_production, >>>> prv-bus-datascientist-life, ho proxy, vpnusers, domain_name-w7-std-user-g, >>>> nro proxy, prv-bus-datascientist-disability, domain_name-w7-std-user-fr-g, >>>> wireless_location] >>>> >>>> 10 Nov 2015 12:04:40 DEBUG PolicyMgrUserGroupBuilder >>>> [UnixUserSyncThread] - INFO: >>>> addPMXAGroupToUser(xyza2b,prv-bus-datascientist-disability) >>>> >>>> >>>> >>>> >>>> On Tue, Nov 10, 2015 at 1:52 AM, Arvind S <[email protected]> >>>> wrote: >>>> >>>>> can you post the log section where you see the groups and users being >>>>> pulled .. >>>>> i have had issues when using AD (internally setting were using LDAP in >>>>> AD) as user/group source and user/ group names had spaces or dots in them. >>>>> >>>>> If possible update to ranger .5 it has some better handling. >>>>> >>>>> >>>>> *Cheers !!* >>>>> Arvind >>>>> >>>>> On Tue, Nov 10, 2015 at 9:34 AM, Kashif Khan <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi All, >>>>>> >>>>>> I am trying to pull one LDAP group into ranger but it is not being >>>>>> added. Looking at usersync.log, the group is being pulled and users are >>>>>> added to that group, but I am not able to figure out why group is not >>>>>> showing up in either ranger x_group table or ranger UI. >>>>>> >>>>>> Tried to run usersync process in debug mode with no luck. Would >>>>>> appreciate any help. I am using 0.4 version. >>>>>> >>>>>> -- >>>>>> Thanks, >>>>>> Kashif >>>>>> >>>>>> >>>>>> >>>>> >>>> >>>> >>>> -- >>>> Thanks, >>>> Kashif >>>> >>> >>> >> >> >> -- >> Thanks, >> Kashif >> > > > > -- > Thanks, > Kashif >
