【发布时间】:2021-05-15 04:59:40
【问题描述】:
我正在使用 Ranger 1.2.0 版。我正在尝试与 LDAP 用户/组同步集成。下面是ranger的配置。
Bind User: uid=admin,o=Mobility
Username Attribute : cn
User Object Class : inetOrgPerson
User Search Base : ou=Users,o=Mobility
User Search Filter : (&(objectClass=inetOrgPerson)(cn=?))
User Search Scope : cn
User Group Name Attribute : cn
Group Member Attribute : member
Group Name Attribute : cn
Group Object Class : groupOfNames
Group Search Base : ou=Groups,o=Mobility
Group Search Filter : (&(objectClass=groupOfNames)(cn=?))
下面是 LDAP condig 的截图
以下是我在 ranger auth.log 中获取的日志
11 Feb 2021 16:51:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getGroups() completed with group count: 0
11 Feb 2021 16:51:04 INFO UserGroupSync [UnixUserSyncThread] - End: update user/group from source==>sink
11 Feb 2021 17:51:04 INFO UserGroupSync [UnixUserSyncThread] - Begin: update user/group from source==>sink
11 Feb 2021 17:51:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started
11 Feb 2021 17:51:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Performing user search first
11 Feb 2021 17:51:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedUserSearchFilter = (&(objectclass=inetOrgPerson)(|(uSNChanged>=0)(modifyTimestamp>=1
9700101053000Z))(&(objectClass=inetOrgPerson)(cn=?)))
11 Feb 2021 17:51:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getUsers() completed with user count: 0
11 Feb 2021 17:51:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedAllGroupsSearchFilter = (&(objectclass=groupOfNames)(&(objectClass=groupOfNames)(cn=
?))(|(uSNChanged>=0)(modifyTimestamp>=19700101053000Z)))
11 Feb 2021 17:51:04 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getGroups() completed with group count: 0
11 Feb 2021 17:51:05 INFO UserGroupSync [UnixUserSyncThread] - End: update user/group from source==>sink
【问题讨论】:
标签: ldap openldap ambari apache-ranger