ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Keta Patel <keta.mahendrakumar.pa...@gmail.com>
Subject Re: sync LDAP behavior
Date Fri, 19 Feb 2016 21:14:56 GMT
Hello Robert,
Thank you for pointing out the Jira. This patch resolved the issue I was
facing.

Thank you,
Keta

On Fri, Feb 19, 2016 at 5:02 AM, Robert Levas <rlevas@hortonworks.com>
wrote:

> Hi Keta…
>
> What version of Ambari are you using? My guess is 2.2.0.  If so, I think
> you may have bumped into the bug fixed in
> https://issues.apache.org/jira/browse/AMBARI-15031, which will be
> released in Ambari version 2.2.2 - I am not sure of the release date for
> that.
>
> Unfortunately, to perform subsequent sync-all operations with your current
> version, you will need to clear out the imported LDAP groups and associated
> metadata from the Ambari database.  Else you will be able to sync an
> explicit set of groups using the —group option.
>
> To clear out the imported groups and associated metadata from the Ambari
> database (after backing up your database), you will need to delete all
> groups from the `groups` table where `ldap_group`=1.  You will also need to
> remove all records from the `adminprincipal` table where the `principal_id`
> equals the `groups.principal_id` for the relevant records.  So something
> like this should do the trick.
>
>         DELETE FROM adminprincipal WHERE principal_id IN (SELECT
> principal_id FROM groups WHERE ldap_group=1);
>         DELETE FROM groups WHERE ldap_group=1;
>
>
> Rob
>
>
>
>
>
> On 2/18/16, 8:00 PM, "Keta Patel" <keta.mahendrakumar.patel@gmail.com>
> wrote:
>
> >Adding more detail to my question:
> >
> >The following is what I see when I perform sync-ldap consecutively.
> >*The very 1st call:*
> >>>ambari-server sync-ldap --all
> >
> >*Result:*
> >Using python  /usr/bin/python2
> >Syncing with LDAP...
> >Enter Ambari Admin login: admin
> >Enter Ambari Admin password:
> >Syncing all...
> >
> >Completed LDAP Sync.
> >Summary:
> >  memberships:
> >    removed = 0
> >    created = 0
> >  users:
> >    updated = 0
> >    removed = 0
> >    created = 0
> >  groups:
> >    updated = 0
> >    removed = 0
> >    created = 2
> >
> >Ambari Server 'sync-ldap' completed successfully.
> >
> >
> >
> >
> >*The 2nd time I call:*
> >>>ambari-server sync-ldap --all
> >
> >*Result:*
> >Using python  /usr/bin/python2
> >Syncing with LDAP...
> >Enter Ambari Admin login: admin
> >Enter Ambari Admin password:
> >Syncing all...ERROR: Exiting with exit code 1.
> >REASON: Caught exception running LDAP sync. Exception [EclipseLink-4002]
> >(Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd):
> >org.eclipse.persistence.exceptions.DatabaseException
> >Internal Exception: java.sql.BatchUpdateException: Batch entry 0 INSERT
> >INTO groups (group_id, group_name, ldap_group, principal_id) VALUES (524,
> >'sheetsg9', 1, 5527) was aborted.  Call getNextException to see the cause.
> >Error Code: 0
> >Call: INSERT INTO groups (group_id, group_name, ldap_group, principal_id)
> >VALUES (?, ?, ?, ?)
> >    bind => [4 parameters bound]
> >
> >
> >
> >The only difference I found with the LDAP group "sheetsg9" when compared
> to
> >the other LDAP groups was that *it had no users associated with it.*
> >The workaround involves deleting that group from the "groups" table in the
> >DB and syncing again. The sync goes through fine after that.
> >
> >Is this the expected behavior of "sync-ldap --all" or is the case of
> >handling groups with no users not handled properly?
> >
> >On Thu, Feb 18, 2016 at 3:27 PM, Keta Patel <
> >keta.mahendrakumar.patel@gmail.com> wrote:
> >
> >> Hello all,
> >> What is the expected behavior of "ambari-server sync-ldap --all" on the
> >> 2nd or later calls?
> >>
> >> Thank you!
> >> Keta
> >>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message