ranger-dev mailing list archives

From "Sailaja Polavarapu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-720) Ldap discovery tool doesn't seem to be working as expected
Date Thu, 05 Nov 2015 05:09:27 GMT

    [ https://issues.apache.org/jira/browse/RANGER-720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14991138#comment-14991138 ]

Sailaja Polavarapu commented on RANGER-720:
-------------------------------------------

Hi Bosco,
Thank you for trying out the tool. Following is some explanation of the behavior of the tool:

1. User search base - The value for the user search base is derived as the OU with the max. no. of
users (from the first 20 users that are retrieved). This is stated in the wiki document, section
2.4.
In this case the OU with the max. no. of users is OU=workshop_service_users,DC=AD-HELLO,DC=COM.

>>>> INFO: No. of users from OU=workshop_service_users,DC=AD-HELLO,DC=COM = 12

2. User Group name attribute - Currently the assumption for the possible user's group name
attribute, which is the same as the user's group member attribute, is "memberOf" or "ismemberOf".
This is also documented in the assumptions section (section 3).
3. Sample username for authentication - This is just the username or login name, which in
this case is "sample", I guess.

Thanks,
Sailaja.


> Ldap discovery tool doesn't seem to be working as expected
> ----------------------------------------------------------
>
>                 Key: RANGER-720
>                 URL: https://issues.apache.org/jira/browse/RANGER-720
>             Project: Ranger
>          Issue Type: Bug
>          Components: usersync
>    Affects Versions: 0.5.1
>            Reporter: Don Bosco Durai
>            Assignee: Sailaja Polavarapu
>
> [~spolavarapu]
> I was testing the ldap discovery tool against AD and it seems the results were not as I expected:
> input.properties:
> ranger.usersync.ldap.url=ldap://ad-hello.cloud.hello.com
> ranger.usersync.ldap.binddn=CN=LDAP Access,OU=MyUsers,DC=AD-HELLO,DC=COM
> ranger.usersync.ldap.ldapbindpassword=<password>
> ranger.admin.auth.sampleuser=CN=sample,OU=MyUsers,DC=AD-HELLO,DC=COM
> ranger.admin.auth.samplepassword=<password>
> output:
> SYNC_LDAP_USER_NAME_ATTRIBUTE=sAMAccountName
> SYNC_LDAP_USER_OBJECT_CLASS=person
> SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE=
> SYNC_LDAP_USER_SEARCH_BASE=OU=workshop_service_users,DC=AD-HDP,DC=COM
> SYNC_LDAP_USER_SEARCH_FILTER=sAMAccountName=*
> ldapConfigCheck.log
> INFO: No. of users from DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from OU=workshop_service_users,DC=AD-HELLO,DC=COM = 12
> INFO: No. of users from OU=MyUsers,DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from OU=Domain Controllers,DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from CN=Users,DC=AD-HELLO,DC=COM = 5
> INFO: No. of users from DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from OU=workshop_service_users,DC=AD-HELLO,DC=COM = 12
> INFO: No. of users from OU=MyUsers,DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from OU=Domain Controllers,DC=AD-HELLO,DC=COM = 1
> INFO: No. of users from CN=Users,DC=AD-HELLO,DC=COM = 5
> ERROR: Connection failed: null
> I was expecting the following:
> SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE=sAMAccountName
> SYNC_LDAP_USER_SEARCH_BASE=OU=MyUsers,DC=AD-HELLO,DC=COM
> Also, there is an ERROR: Connection failed: null
> Let me know if you need additional information. Thanks



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
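
The search-base derivation described in point 1 of the comment, as an added sketch in Python that is not Ranger's own code. The function names and the sample DNs are constructed for illustration, with per-container counts mirroring the quoted ldapConfigCheck.log.

```python
from collections import Counter

SAMPLE_SIZE = 20  # per the comment: only the first 20 retrieved users are examined
BASE = "DC=AD-HELLO,DC=COM"


def parent_dn(dn):
    """Return an entry's container: everything after the first unescaped comma."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":  # escaped character, e.g. "\," inside a CN value
            i += 2
            continue
        if dn[i] == ",":
            return dn[i + 1:].strip()
        i += 1
    return ""  # a single-RDN entry has no parent


def derive_user_search_base(user_dns, sample_size=SAMPLE_SIZE):
    """Count users per container in the sample and return (winner, counts)."""
    counts = Counter(parent_dn(dn) for dn in user_dns[:sample_size])
    if not counts:
        return "", counts
    return counts.most_common(1)[0][0], counts


def constructed_sample():
    """Constructed DNs whose per-container counts mirror ldapConfigCheck.log."""
    dns = [f"CN=svc{i},OU=workshop_service_users,{BASE}" for i in range(12)]
    dns += [f"CN=user{i},CN=Users,{BASE}" for i in range(5)]
    dns += [
        f"CN=Doe\\, Jane,OU=MyUsers,{BASE}",  # escaped comma in the RDN
        f"CN=DC01,OU=Domain Controllers,{BASE}",
        f"CN=top-level,{BASE}",
    ]
    return dns


if __name__ == "__main__":
    base, counts = derive_user_search_base(constructed_sample())
    for container, n in counts.most_common():
        print(f"No. of users from {container} = {n}")
    print("SYNC_LDAP_USER_SEARCH_BASE=" + base)
```

Entries returned after the first 20 never affect the result, so the derived base depends on retrieval order and should be checked against the accounts meant to be synced.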
