Currently, the Trino version is 430, OpenLDAP uses Bitnami 2.6.8, and Ranger is 2.4.0. Ranger currently synchronizes the relationship between LDAP users and groups, as shown in the following figure.
Since my LDAP does not have the memberOf attribute, I use ldap.group-auth-pattern=(&(objectClass=posixGroup)(memberUid=${USER})) like this, but there are problems at present.
When logging in as the evmli user, the password of the evm group must be used to authenticate.
When I log in as the evmli user with the password of the evm group and execute SQL, the log is as follows. The group cannot be used during the permission check, resulting in query failure.
http-worker-346 io.trino.security.AccessControl Invocation of checkCanSetUser(principal=Optional[evmli], userName='evmli') succeeded in 28.35us
http-worker-346 io.trino.security.AccessControl Invocation of filterQueriesOwnedBy(identity=Identity{user='evmli', principal=evmli}, queryOwners=[]) succeeded in 4.60us
The authorization relationship in Ranger is shown in the figure.
Is there a configuration problem somewhere, or is it that the relationship between users and groups in Trino cannot be synchronized with the relationship between users and groups in LDAP? Why does --user=evmli require the password of the evm group to authenticate when --password is enabled and ldap.group-auth-pattern is enabled?
Is there any other configuration required to authorize the group in Ranger, so that when a user in the group logs in and queries Trino, the users in this group have the same permissions as the group?
The current Trino LDAP configuration is: