Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-10513

ambari-server sync-ldap fails if there are too many users in the LDAP server (more than 1000?)

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.0.0
    • 2.1.0
    • ambari-server
    • None

    Description

      ambari-server setup-ldap was performed against QE AD server, which has more than 2000 users.

      [root@c6401 ~]# ambari-server sync-ldap --all
Using python  /usr/bin/python2.6
Syncing with LDAP...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Syncing all.......ERROR: Exiting with exit code 1.
REASON: Caught exception running LDAP sync. [LDAP: error code 4 - Sizelimit Exceeded]; nested exception is javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'CN=Users,DC=scl42,DC=hortonworks,DC=com'

      Dilli Arumugam told me that Ranger (formerly known as XASecure) also hit a similar issue

      Problem: If your directory contains > 1000 users, attempts to sync-ldap users and groups to Ambari will fail. There is a limit of 1000 to the number of entities Ambari can process.
      Solution: Perform the sync-ldap using the --users and --groups option to limit the amount of entities to be under 1000 and perform the sync in batches.

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            eanca Emil Anca
            eanca Emil Anca
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment