Posted to dev@ranger.apache.org by "Sailaja Polavarapu (JIRA)" <ji...@apache.org> on 2015/11/05 06:09:27 UTC

[jira] [Commented] (RANGER-720) Ldap discovery tool doesn't seem to be working as expected

    [ https://issues.apache.org/jira/browse/RANGER-720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14991138#comment-14991138 ] 

Sailaja Polavarapu commented on RANGER-720:
-------------------------------------------

Hi Bosco,
Thank you for trying out the tool. The following is some explanation of the behavior of the tool:

1. User search base - The value for the user search base is derived as the OU with the max. no. of users (from the first 20 users that are retrieved). This is stated in the wiki document, section 2.4.
 In this case the OU with the max. no. of users is OU=workshop_service_users,DC=AD-HELLO,DC=COM.
>>>> INFO: No. of users from OU=workshop_service_users,DC=AD-HELLO,DC=COM = 12
2. User Group name attribute - Currently the assumption for the possible user's group name attribute, which is the same as the user's group member attribute, is "memberOf" or "ismemberOf". This is also documented in the assumptions section (section 3).
3. Sample username for authentication - This is just the username or login name, which in this case is "sample", I guess.

Thanks,
Sailaja.


> Ldap discovery tool doesn't seem to be working as expected
> ----------------------------------------------------------
>
>                 Key: RANGER-720
>                 URL: https://issues.apache.org/jira/browse/RANGER-720
>             Project: Ranger
>          Issue Type: Bug
>          Components: usersync
>    Affects Versions: 0.5.1
>            Reporter: Don Bosco Durai
>            Assignee: Sailaja Polavarapu
>
> [~spolavarapu]
> I was testing the ldap discovery tool against AD and it seems the results were not as I expected:
> input.properties:
> ranger.usersync.ldap.url=ldap://ad-hello.cloud.hello.com                                                                 
> ranger.usersync.ldap.binddn=CN=LDAP Access,OU=MyUsers,DC=AD-HELLO,DC=COM
> ranger.usersync.ldap.ldapbindpassword=<password>
> ranger.admin.auth.sampleuser=CN=sample,OU=MyUsers,DC=AD-HELLO,DC=COM
> ranger.admin.auth.samplepassword=<password>
> output:
> SYNC_LDAP_USER_NAME_ATTRIBUTE=sAMAccountName
> SYNC_LDAP_USER_OBJECT_CLASS=person
> SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE=
> SYNC_LDAP_USER_SEARCH_BASE=OU=workshop_service_users,DC=AD-HDP,DC=COM
> SYNC_LDAP_USER_SEARCH_FILTER=sAMAccountName=*
> ldapConfigCheck.log
> INFO: No. of users from DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from OU=workshop_service_users,DC=AD-HELLO,DC=COM = 12
> INFO: No. of users from OU=MyUsers,DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from OU=Domain Controllers,DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from CN=Users,DC=AD-HELLO,DC=COM = 5
> INFO: No. of users from DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from OU=workshop_service_users,DC=AD-HELLO,DC=COM = 12
> INFO: No. of users from OU=MyUsers,DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from OU=Domain Controllers,DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from CN=Users,DC=AD-HELLO,DC=COM = 5
> ERROR: Connection failed: null
> I was expecting the following:
> SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE=sAMAccountName
> SYNC_LDAP_USER_SEARCH_BASE=OU=MyUsers,DC=AD-HELLO,DC=COM
> Also, there is an ERROR: Connection failed: null
> Let me know if you need additional information. Thanks



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
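
The search-base heuristic described in the comment above (pick the container holding the most of the first 20 users retrieved), as an added example that is not part of the original message and is not Ranger's own code. The function names, the escaped-comma handling and the case-insensitive comparison are assumptions of this sketch; the DNs are constructed so that their distribution matches the counts in the quoted ldapConfigCheck.log.

```python
from collections import Counter

def parent_container(dn: str) -> str:
    """Return the DN with its first RDN removed, honouring backslash-escaped commas."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2                      # skip the escaped character, e.g. "\,"
            continue
        if dn[i] == ",":
            return dn[i + 1:].strip()
        i += 1
    return ""                           # a single-RDN DN has no parent

def derive_search_base(user_dns, sample_size=20):
    """Pick the container with the most users among the first `sample_size` entries."""
    counts = Counter()
    spelling = {}                       # lower-cased key -> first spelling seen
    for dn in user_dns[:sample_size]:
        parent = parent_container(dn)
        key = parent.lower()            # assumption: containers compared case-insensitively
        spelling.setdefault(key, parent)
        counts[key] += 1
    if not counts:
        return None, {}
    best, _ = counts.most_common(1)[0]
    return spelling[best], {spelling[k]: n for k, n in counts.items()}

# Constructed sample: 20 user DNs distributed as in the quoted log (1 + 12 + 1 + 1 + 5).
ROOT = "DC=AD-HELLO,DC=COM"
SAMPLE_DNS = (
    [f"CN=rootuser,{ROOT}"]
    + [f"CN=svc{n:02d},OU=workshop_service_users,{ROOT}" for n in range(12)]
    + [f"CN=sample,OU=MyUsers,{ROOT}"]
    + [f"CN=DC01,OU=Domain Controllers,{ROOT}"]
    + [f"CN=Builtin\\, User {n},CN=Users,{ROOT}" for n in range(5)]
)

if __name__ == "__main__":
    base, counts = derive_search_base(SAMPLE_DNS)
    for container, n in counts.items():
        print(f"No. of users from {container} = {n}")
    print("SYNC_LDAP_USER_SEARCH_BASE=" + base)
```

With this sample the bind and sample accounts sit in OU=MyUsers, but that OU contributes only one of the 20 sampled entries, so the heuristic selects OU=workshop_service_users.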