护林员LDAP集成用户/组同步问题 [英] Ranger LDAP Integration User/Group Sync issue

查看:141
本文介绍了护林员LDAP集成用户/组同步问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在使用Ranger 1.2.0版.我正在尝试与LDAP用户/组同步集成.下面是护林员的配置.

I am using Ranger version 1.2.0.Iam trying to integrate with LDAP user/group sync. Below are the configurations of ranger.

Bind User: uid=admin,o=Mobility
Username Attribute : cn
User Object Class​ : inetOrgPerson
User Search Base : ou=Users,o=Mobility
​User Search Filter : (&(objectClass=inetOrgPerson)(cn=?))
User Search Scope : cn
User Group Name Attribute : cn
Group Member Attribute : member
Group Name Attribute : cn
Group Object Class : groupOfNames
Group Search Base : ou=Groups,o=Mobility
Group Search Filter : (&(objectClass=groupOfNames)(cn=?))

下面是LDAP配置的截图

below is the screenshot of LDAP condig

以下是iam在护林员auth.log中获取的日志

Below are the logs iam getting in ranger auth.log

11 Feb 2021 16:51:04  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getGroups() completed with group count: 0
11 Feb 2021 16:51:04  INFO UserGroupSync [UnixUserSyncThread] - End: update user/group from source==>sink
11 Feb 2021 17:51:04  INFO UserGroupSync [UnixUserSyncThread] - Begin: update user/group from source==>sink
11 Feb 2021 17:51:04  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started
11 Feb 2021 17:51:04  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Performing user search first
11 Feb 2021 17:51:04  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedUserSearchFilter = (&(objectclass=inetOrgPerson)(|(uSNChanged>=0)(modifyTimestamp>=1
9700101053000Z))(&(objectClass=inetOrgPerson)(cn=?)))
11 Feb 2021 17:51:04  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getUsers() completed with user count: 0
11 Feb 2021 17:51:04  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedAllGroupsSearchFilter = (&(objectclass=groupOfNames)(&(objectClass=groupOfNames)(cn=
?))(|(uSNChanged>=0)(modifyTimestamp>=19700101053000Z)))
11 Feb 2021 17:51:04  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getGroups() completed with group count: 0
11 Feb 2021 17:51:05  INFO UserGroupSync [UnixUserSyncThread] - End: update user/group from source==>sink

推荐答案

Usersync 属性配置错误.这是解决方法. https://github.com/apache/ranger/pull/74

Usersync property is wrongly configured. Here is the fix for it. https://github.com/apache/ranger/pull/74

https://www.mail-archive.com/user@ranger.apache.org/msg00684.html

这篇关于护林员LDAP集成用户/组同步问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆