ldap - Ranger LDAP 集成用户/组同步问题

问题描述

我正在使用 Ranger 1.2.0 版。我正在尝试与 LDAP 用户/组同步集成。以下是游侠的配置。

Bind User: uid=admin,o=Mobility
Username Attribute : cn
User Object Class​ : inetOrgPerson
User Search Base : ou=Users,o=Mobility
​User Search Filter : (&(objectClass=inetOrgPerson)(cn=?))
User Search Scope : cn
User Group Name Attribute : cn
Group Member Attribute : member
Group Name Attribute : cn
Group Object Class : groupOfNames
Group Search Base : ou=Groups,o=Mobility
Group Search Filter : (&(objectClass=groupOfNames)(cn=?))

下面是 LDAP condig 的截图

以下是我在 ranger auth.log 中获取的日志

11 Feb 2021 16:51:04  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getGroups() completed with group count: 0
11 Feb 2021 16:51:04  INFO UserGroupSync [UnixUserSyncThread] - End: update user/group from source==>sink
11 Feb 2021 17:51:04  INFO UserGroupSync [UnixUserSyncThread] - Begin: update user/group from source==>sink
11 Feb 2021 17:51:04  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder updateSink started
11 Feb 2021 17:51:04  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Performing user search first
11 Feb 2021 17:51:04  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedUserSearchFilter = (&(objectclass=inetOrgPerson)(|(uSNChanged>=0)(modifyTimestamp>=1
9700101053000Z))(&(objectClass=inetOrgPerson)(cn=?)))
11 Feb 2021 17:51:04  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getUsers() completed with user count: 0
11 Feb 2021 17:51:04  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedAllGroupsSearchFilter = (&(objectclass=groupOfNames)(&(objectClass=groupOfNames)(cn=
?))(|(uSNChanged>=0)(modifyTimestamp>=19700101053000Z)))
11 Feb 2021 17:51:04  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getGroups() completed with group count: 0
11 Feb 2021 17:51:05  INFO UserGroupSync [UnixUserSyncThread] - End: update user/group from source==>sink

标签： ldapopenldapambariapache-ranger