Posted to user@ranger.apache.org by Loïc CHANEL <lo...@telecomnancy.net> on 2024/02/19 11:38:34 UTC

Groups not retrieved

Hi guys,

Since 2.4, LDAP information retrieval to create groups seems broken. My
sync issues are solved for users, but I'm still unable to pull groups from
LDAP. For instance, here is the information in the LDAP for my user:
sn: CHANEL
postOfficeBox: someValue
givenName: LOIC
displayName: CHANEL LOIC
memberOf: CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org
name: LCH657
mail: loic.chanel@telecomnancy.net

Now here is my configuration on Ranger side :
        <property>
                <name>ranger.usersync.ldap.user.groupnameattribute</name>
                <value>postOfficeBox,memberOf</value>
        </property>

And I can even see that the retrieval is going that way :
9 Feb 2024 12:16:56  INFO o.a.r.l.p.LdapUserGroupBuilder
[UnixUserSyncThread] - LdapUserGroupBuilder initialization completed with
--  ldapUrl: ldap://cmb.blabla.org:389,  ldapBindDn:
CN=LCH657,ou=COCM,ou=utilisateurs,dc=cmb,dc=blabla,dc=org,
 ldapBindPassword: ***** ,  ldapAuthenticationMechanism: simple,
 searchBase: dc=cmb,dc=blabla,dc=org,  userSearchBase:
[ou=COCM,ou=utilisateurs,dc=cmb,dc=blabla,dc=org],  userSearchScope: 2,
 userObjectClass: organizationalPerson,  userSearchFilter:
(memberOf=CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org),
 extendedUserSearchFilter: null,  userNameAttribute: name,
 userSearchAttributes: [postOfficeBox, uSNChanged, name, memberOf,
modifytimestamp, objectid, userurincipaluame],  userGroupNameAttributeSet:
[postOfficeBox, memberOf],  otherUserAttributes: [userurincipaluame],
 pagedResultsEnabled: true,  pagedResultsSize: 500,  groupSearchEnabled:
true,  groupSearchBase: [dc=cmb,dc=blabla,dc=org],  groupSearchScope: 2,
 groupObjectClass: groupofnames,  groupSearchFilter: ,
 extendedGroupSearchFilter: (&null(|(member={0})(member={1}))),
 extendedAllGroupsSearchFilter: null,  groupMemberAttributeName: member,
 groupNameAttribute: cn, groupSearchAttributes: [uSNChanged, displayname,
member, cn, modifytimestamp, objectid], groupSearchFirstEnabled: true,
userSearchEnabled: true,  ldapReferral: ignore

But in Ranger, my user is created without any group. What am I missing ?
Thanks,


Loïc CHANEL
Technical leader Big Data
Capgemini (Lyon, France)

Re: Groups not retrieved

Posted by Loïc CHANEL <lo...@telecomnancy.net>.
And now it works perfectly. Thanks !
I'm curious about that option : could you provide more details ? Why does
it trigger the usage of SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE parameter to do
exactly what I was trying to achieve ? And what was the previous behaviour ?
Thanks a lot for your help,

Loïc


On Fri, Mar 22, 2024 at 15:34, Sailaja Polavarapu <sp...@cloudera.com>
wrote:

> Oh ok. In this case can you try setting
> ranger.usersync.group.searchenabled to false?

Re: Groups not retrieved

Posted by Sailaja Polavarapu <sp...@cloudera.com>.
Oh ok. In this case can you try setting ranger.usersync.group.searchenabled
to false?

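Added example, not part of the thread and not Ranger code: a Python check that parses the LdapUserGroupBuilder initialization line from the original post and flags the combination this thread resolved (user group-name attributes configured while group search is enabled), plus two other settings visible in that line. The function names and finding labels are made up for this example, and the log sample is abridged from the post.

```python
import re

# Abridged copy of the LdapUserGroupBuilder start-up line quoted in the thread
# (same values, re-wrapped; fields not used below are omitted).
SAMPLE_LOG = """
9 Feb 2024 12:16:56  INFO o.a.r.l.p.LdapUserGroupBuilder [UnixUserSyncThread] -
LdapUserGroupBuilder initialization completed with
--  ldapUrl: ldap://cmb.blabla.org:389,  ldapBindDn:
CN=LCH657,ou=COCM,ou=utilisateurs,dc=cmb,dc=blabla,dc=org,
 ldapBindPassword: ***** ,  ldapAuthenticationMechanism: simple,
 userGroupNameAttributeSet: [postOfficeBox, memberOf],  groupSearchEnabled:
true,  groupSearchBase: [dc=cmb,dc=blabla,dc=org],  groupSearchFilter: ,
 extendedGroupSearchFilter: (&null(|(member={0})(member={1}))),
 groupSearchFirstEnabled: true,  userSearchEnabled: true,  ldapReferral: ignore
"""


def parse_builder_config(log_text):
    """Turn the 'initialization completed with -- k: v, k: v' line into a dict."""
    flat = " ".join(log_text.split())  # undo mail/log line wrapping
    _, marker, body = flat.partition("initialization completed with --")
    if not marker:
        raise ValueError("not an LdapUserGroupBuilder initialization line")
    config = {}
    # Split only on commas followed by 'key: ', so commas inside DNs and
    # bracketed lists stay part of the value.
    for piece in re.split(r",\s+(?=[A-Za-z]+:\s)", body.strip()):
        key, _, value = piece.partition(":")
        config[key.strip()] = value.strip()
    return config


def as_list(value):
    """'[a, b]' -> ['a', 'b']; splits on ', ' only, so a DN stays in one piece."""
    inner = value.strip().strip("[]")
    return [item for item in re.split(r",\s+", inner) if item]


def review(config):
    """Return (label, message) pairs for settings worth a second look."""
    findings = []
    attrs = as_list(config.get("userGroupNameAttributeSet", ""))
    if attrs and config.get("groupSearchEnabled", "").lower() == "true":
        findings.append(("group-attr-with-group-search",
                         f"user attributes {attrs} are configured as group names but "
                         "groupSearchEnabled is true; in this thread users were synced "
                         "without groups until ranger.usersync.group.searchenabled "
                         "was set to false"))
    if "null" in config.get("extendedGroupSearchFilter", ""):
        # Observation only: the thread does not establish whether this matters.
        findings.append(("null-in-group-filter",
                         "the logged group filter contains the literal text 'null' "
                         "(groupSearchFilter is empty)"))
    if (config.get("ldapUrl", "").lower().startswith("ldap://")
            and config.get("ldapAuthenticationMechanism", "").lower() == "simple"):
        # This log line does not show whether StartTLS is in use.
        findings.append(("simple-bind-over-ldap-url",
                         "simple bind against an ldap:// URL sends the bind password "
                         "unencrypted unless StartTLS is negotiated"))
    return findings


if __name__ == "__main__":
    for label, message in review(parse_builder_config(SAMPLE_LOG)):
        print(f"[{label}] {message}")
```

Because Ranger policies are commonly written against groups, a user synced with no groups silently falls outside every group-based policy, which is why the first finding is worth checking after an upgrade.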

Re: Groups not retrieved

Posted by Loïc CHANEL <lo...@telecomnancy.net>.
Hi Sailaja,

Actually, the groups are not stored in the LDAP I'm querying (or at least I
can't access them), so I'm retrieving the groups using
the SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE parameter, which I configured but
doesn't seem to work as I expected.
As a matter of fact, I'm successfully retrieving users from the LDAP with a
postOfficeBox field, but setting SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE =
postOfficeBox does not retrieve the value of the field to create a group.

Let me give you an example to clarify. From the LDAP I'm retrieving the
following user :

sn: DOE
postOfficeBox: 9001928
givenName: JOHN
displayName: DOE JOHN
memberOf: CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org
name: FOO123
mail: john.doe@blabla.com


The field I'm really interested in for group purposes is postOfficeBox. So
by setting SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = postOfficeBox I expect
Usersync to create a group named "9001928" and add John Doe to that group,
but it doesn't work. Does Usersync only expect groups with LDAP structure
(like the memberOf line) ?
Thanks,


Loïc


Re: Groups not retrieved

Posted by Sailaja Polavarapu <sp...@cloudera.com>.
Hi Loic,
 I see that you have below config properties for group search. In this case
the groups are retrieved from "dc=cmb,dc=blabla,dc=org"  search base. Can
you check if "CN=usr_tool_prd,OU=Tool,OU=Groupes,DC=blabla,DC=org" group is
under the configured search base?
groupSearchEnabled: true,  groupSearchBase: [dc=cmb,dc=blabla,dc=org],
 groupSearchScope: 2,  groupObjectClass: groupofnames,
Maybe if you provide usersync logs, that can help to analyze further.

Thanks,
Sailaja.


Re: Groups not retrieved

Posted by Loïc CHANEL <lo...@telecomnancy.net>.
Hi team,
Am I the only one experiencing this issue ?
Thanks,

Loïc

