Hi,

My ranger syncs LDAP users but does not sync LDAP groups.

Below is the log:

11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
LdapUserGroupBuilder initialization comple
ted with --  ldapUrl: ldap://something.oraclevcn.com:389,  ldapBindDn:
cn=ldapadm,dc=oc
idw,dc=prod2,  ldapBindPassword: ***** ,  ldapAuthenticationMechanism:
simple,  searchBase: dc=ocidw,dc=prod2,  u
serSearchBase: [ou=people,dc=ocidw,dc=prod2],  userSearchScope: 2,
userObjectClass: account,  userSearchFilter:
(cn=*),  extendedUserSearchFilter: (&(objectclass=account)(cn=*)),
userNameAttribute: uid,  userSearchAttributes
: [uid],  userGroupNameAttributeSet: null,  pagedResultsEnabled: true,
pagedResultsSize: 500,  groupSearchEnable
d: true,  groupSearchBase: [dc=ocidw,dc=prod2],  groupSearchScope: 2,
groupObjectClass: posixGroup,  groupSearch
Filter: (objectClass=posixGroup),  extendedGroupSearchFilter:
(&(objectclass=posixGroup)(objectClass=posixGroup)(
|(member={0})(member={1}))),  extendedAllGroupsSearchFilter:
(&(objectclass=posixGroup)(objectClass=posixGroup)),
  groupMemberAttributeName: member,  groupNameAttribute: cn,
groupSearchAttributes: [member, cn],  groupUserMapSy
ncEnabled: true, groupSearchFirstEnabled: false, userSearchEnabled: false,
ldapReferral: ignore
11 Jul 2018 01:10:04  INFO UserGroupSync [UnixUserSyncThread] - Begin:
initial load of user/group from source==>s
ink
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
LDAPUserGroupBuilder updateSink started
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
Performing user search first
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
Updating user count: 1, userName: admin, groupList: []
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
Updating user count: 2, userName: amb_ranger_admin, groupList: []
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
Updating user count: 3, userName: guest, groupList: []
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
Updating user count: 4, userName: guest2, groupList: []
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
LDAPUserGroupBuilder.getUsers() completed with user count: 4
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
groupSearch is enabled, would search for groups and compute memberships
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
LDAPUserGroupBuilder.getGroups() completed with group count: 0
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
groupSearch is enabled, would search for groups and compute memberships
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
LDAPUserGroupBuilder.getGroups() completed with group count: 0
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
groupSearch is enabled, would search for groups and compute memberships
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
LDAPUserGroupBuilder.getGroups() completed with group count: 0
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
groupSearch is enabled, would search for groups and compute memberships
11 Jul 2018 01:10:04  INFO LdapUserGroupBuilder [UnixUserSyncThread] -
LDAPUserGroupBuilder.getGroups() completed with group count: 0
11 Jul 2018 01:10:04  INFO UserGroupSync [UnixUserSyncThread] - End:
initial load of user/group from source==>sink
11 Jul 2018 01:10:04  INFO UserGroupSync [UnixUserSyncThread] - Done
initializing user/group source and sink
Below is ambari blueprint settings:

"ranger-ugsync-site": {
        "properties": {
          "ranger.usersync.group.memberattributename": "member",
          "ranger.usersync.group.nameattribute": "cn",
          "ranger.usersync.group.objectclass": "posixGroup",
          "ranger.usersync.group.searchbase": "dc=ocidw,dc=%ENV%",
          "ranger.usersync.group.searchenabled": "true",
          "ranger.usersync.group.searchfilter": "(objectClass=posixGroup)",
          "ranger.usersync.group.searchscope": "sub",
          "ranger.usersync.group.usermapsyncenabled": "true",
          "ranger.usersync.ldap.bindalias":
"ranger.usersync.ldap.bindalias",
          "ranger.usersync.ldap.binddn": "cn=ldapadm,dc=ocidw,dc=%ENV%",
          "ranger.usersync.ldap.bindkeystore":
"/usr/hdp/current/ranger-usersync/conf/ugsync.jceks",
          "ranger.usersync.ldap.groupname.caseconversion": "none",
          "ranger.usersync.ldap.ldapbindpassword": "%SERVICE_PASSWORD%",
          "ranger.usersync.ldap.referral": "ignore",
          "ranger.usersync.ldap.searchBase": "dc=ocidw,dc=%ENV%",
          "ranger.usersync.ldap.url":
"ldap://%ENV%-ambariserver.%SUBNET%.%VCN%.oraclevcn.com:389",
          "ranger.usersync.ldap.username.caseconversion": "none",
          "ranger.usersync.ldap.user.searchscope": "sub",
          "ranger.usersync.ldap.user.searchbase":
"ou=people,dc=ocidw,dc=%ENV%",
          "ranger.usersync.ldap.user.searchfilter": "(cn=*)",
          "ranger.usersync.ldap.user.objectclass": "account",
          "ranger.usersync.ldap.user.nameattribute": "uid",
          "ranger.usersync.ldap.deltasync": "false",
          "ranger.usersync.sink.impl.class":
"org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder",
          "ranger.usersync.source.impl.class":
"org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder",
          "ranger.usersync.ssl": "false"
        }

{
      "ranger-admin-site": {
        "properties_attributes": {},
        "properties": {
          "ranger.audit.solr.zookeepers":"%ENV%-namenode.%SUBNET%.%VCN%.
oraclevcn.com:2181/infra-solr",
          "ranger.authentication.method": "LDAP",
          "ranger.credential.provider.path":
"/etc/ranger/admin/rangeradmin.jceks",
          "ranger.externalurl": "http://%ENV%-namenode.%SUBNET%.%VCN%.
oraclevcn.com:6080",
          "ranger.jpa.jdbc.driver": "oracle.jdbc.driver.OracleDriver