AD usersync - delete synced user after removed from AD

[Margus Roo <ma...@roo.ee>]

Hi

Perhaps I did something wrong, but I noticed that after I removed User 
from AD it is still in my Ranger Users list.
How it is meant to be? Is it possible at all?

-- 
Margus (margusja) Roo
http://margus.roo.ee
skype: margusja
+372 51 48 780

Re: AD usersync - delete synced user after removed from AD

[Balaji Ganesan <ba...@gmail.com>]

We should include the ability to delete users/groups through the Ranger UI.

On Thu, Jan 7, 2016 at 1:07 PM, Don Bosco Durai <bo...@apache.org> wrote:

> Marcus
>
> Deleting is a tricky thing. Since we can’t listen to AD delete events, the
> only way to implement is during synchronous, if the user is not retrieved,
> then *assume* the user is deleted.
>
> If we go by this assumption, then if there are any manual configuration
> error, e.g. Admin mis-configures the filter condition and it didn’t sync
> all the users, then if we auto delete the users, any policies the user is
> associated will be lost.
>
> To play it safe, we decided not to auto-delete the users. But I think,
> there is an API to delete the user. So you will have write your own
> script...
>
> So depending upon your requirements, there might a work around available.
>
> Also, if you any requirement suggestions, we can discuss it.
>
> Thanks
>
> Bosco
>
>
>
>
>
> On 1/7/16, 3:21 AM, "Margus Roo" <ma...@roo.ee> wrote:
>
> >Tnx for the answer.
> >Is there any reason why is that? Am I the first who need to delete using
> >sync?
> >And is there best practice to achieve it?
> >
> >Margus (margusja) Roo
> >http://margus.roo.ee
> >skype: margusja
> >+372 51 48 780
> >
> >On 07/01/16 13:02, Arvind S wrote:
> >> Ranger does not delete the user. You will have to manually delete from
> >> ranger.
> >
>
>

Re: AD usersync - delete synced user after removed from AD

[Don Bosco Durai <bo...@apache.org>]

Marcus

Deleting is a tricky thing. Since we can’t listen to AD delete events, the only way to implement is during synchronous, if the user is not retrieved, then *assume* the user is deleted.

If we go by this assumption, then if there are any manual configuration error, e.g. Admin mis-configures the filter condition and it didn’t sync all the users, then if we auto delete the users, any policies the user is associated will be lost.

To play it safe, we decided not to auto-delete the users. But I think, there is an API to delete the user. So you will have write your own script...

So depending upon your requirements, there might a work around available.

Also, if you any requirement suggestions, we can discuss it.

Thanks

Bosco

 



On 1/7/16, 3:21 AM, "Margus Roo" <ma...@roo.ee> wrote:

>Tnx for the answer.
>Is there any reason why is that? Am I the first who need to delete using 
>sync?
>And is there best practice to achieve it?
>
>Margus (margusja) Roo
>http://margus.roo.ee
>skype: margusja
>+372 51 48 780
>
>On 07/01/16 13:02, Arvind S wrote:
>> Ranger does not delete the user. You will have to manually delete from 
>> ranger.
>

Re: AD usersync - delete synced user after removed from AD

[Margus Roo <ma...@roo.ee>]

Tnx for the answer.
Is there any reason why is that? Am I the first who need to delete using 
sync?
And is there best practice to achieve it?

Margus (margusja) Roo
http://margus.roo.ee
skype: margusja
+372 51 48 780

On 07/01/16 13:02, Arvind S wrote:
> Ranger does not delete the user. You will have to manually delete from 
> ranger.

Re: AD usersync - delete synced user after removed from AD

[Arvind S <ar...@gmail.com>]

Ranger does not delete the user. You will have to manually delete from
ranger.
On 07-Jan-2016 3:09 pm, "Margus Roo" <ma...@roo.ee> wrote:

> Hi
>
> Perhaps I did something wrong, but I noticed that after I removed User
> from AD it is still in my Ranger Users list.
> How it is meant to be? Is it possible at all?
>
> --
> Margus (margusja) Roo
> http://margus.roo.ee
> skype: margusja
> +372 51 48 780
>
>