Posted to commits@ranger.apache.org by sp...@apache.org on 2021/03/17 22:51:20 UTC

[ranger] branch master updated: RANGER-3203: Added back support to allow group search to be disabled and use memberof attribute to retrieve groups

This is an automated email from the ASF dual-hosted git repository.

spolavarapu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 34196d0  RANGER-3203: Added back support to allow group search to be disabled and use memberof attribute to retrieve groups
34196d0 is described below

commit 34196d031aa09ec69288c4b43dc980c205eb2b4b
Author: Sailaja Polavarapu <sp...@cloudera.com>
AuthorDate: Tue Mar 16 14:10:27 2021 -0700

    RANGER-3203: Added back support to allow group search to be disabled and use memberof attribute to retrieve groups
---
 .../ldapusersync/process/LdapUserGroupBuilder.java | 38 ++++++++++++++++++++--
 1 file changed, 36 insertions(+), 2 deletions(-)

diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
index d4f68b0..33fd67e 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
@@ -92,6 +92,7 @@ public class LdapUserGroupBuilder implements UserGroupSource {
   private String userSearchFilter;
   private String extendedUserSearchFilter;
   private SearchControls userSearchControls;
+  private Set<String> userGroupNameAttributeSet;
   private Set<String> otherUserAttributes;
 
   private boolean pagedResultsEnabled = true;
@@ -212,7 +213,7 @@ public class LdapUserGroupBuilder implements UserGroupSource {
 		currentSyncSource = config.getCurrentSyncSource();
 		groupSearchFirstEnabled =   true;
 		userSearchEnabled =   config.isUserSearchEnabled();
-		groupSearchEnabled =   true;
+		groupSearchEnabled =   config.isGroupSearchEnabled();
     ldapUrl = config.getLdapUrl();
     ldapBindDn = config.getLdapBindDn();
     ldapBindPassword = config.getLdapBindPassword();
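Review bot: `groupSearchFirstEnabled` stays hard-coded to `true` one line above while `groupSearchEnabled` now follows configuration, so the two flags can disagree. Any code outside this hunk that branches on `groupSearchFirstEnabled` would then assume groups were already fetched; either derive it from the new flag or add a comment such as `// groupSearchFirstEnabled only has effect when groupSearchEnabled is true`. The default returned by `config.isGroupSearchEnabled()` is not visible here. If it is `false`, existing deployments would switch their source of group membership on upgrade without any configuration change, which should be called out in the release notes.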
@@ -231,6 +232,10 @@ public class LdapUserGroupBuilder implements UserGroupSource {
 
 		Set<String> userSearchAttributes = new HashSet<String>();
 		userSearchAttributes.add(userNameAttribute);
+		userGroupNameAttributeSet = config.getUserGroupNameAttributeSet();
+		for (String useGroupNameAttribute : userGroupNameAttributeSet) {
+			userSearchAttributes.add(useGroupNameAttribute);
+		}
 		userSearchAttributes.add(userCloudIdAttribute);
 		otherUserAttributes = config.getOtherUserAttributes();
 		for (String otherUserAttribute : otherUserAttributes) {
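Review bot: The group-name attributes are added to `userSearchAttributes` unconditionally, although the only reader visible in this commit is the `!groupSearchEnabled` block in the last hunk. If nothing else consumes them, every user search with group search enabled returns membership values that are then discarded; `if (!groupSearchEnabled) { userSearchAttributes.addAll(userGroupNameAttributeSet); }` would avoid that and also replace the loop whose variable is misspelled `useGroupNameAttribute`. The getter `config.getUserGroupNameAttributeSet()` is not shown, so it should be confirmed that it never returns null, since the loop would throw on a null set.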
@@ -287,6 +292,7 @@ public class LdapUserGroupBuilder implements UserGroupSource {
 					+ ",  extendedUserSearchFilter: " + extendedUserSearchFilter
 					+ ",  userNameAttribute: " + userNameAttribute
 					+ ",  userSearchAttributes: " + userSearchAttributes
+					+ ",  userGroupNameAttributeSet: " + userGroupNameAttributeSet
 			+ ",  otherUserAttributes: " + otherUserAttributes
           + ",  pagedResultsEnabled: " + pagedResultsEnabled
           + ",  pagedResultsSize: " + pagedResultsSize
@@ -332,6 +338,7 @@ public class LdapUserGroupBuilder implements UserGroupSource {
 		sourceUsers = new HashMap<>();
 		sourceGroupUsers = new HashMap<>();
 		long highestdeltaSyncUserTime = 0;
+		long highestdeltaSyncGroupTime = 0;
 
 		if (config.isUserSyncDeletesEnabled() && deleteCycles >= config.getUserSyncDeletesFrequency()) {
 			deleteCycles = 1;
@@ -343,7 +350,9 @@ public class LdapUserGroupBuilder implements UserGroupSource {
 		if (config.isUserSyncDeletesEnabled()) {
 			deleteCycles++;
 		}
-        long highestdeltaSyncGroupTime = getGroups(computeDeletes);
+		if (groupSearchEnabled) {
+			highestdeltaSyncGroupTime = getGroups(computeDeletes);
+		}
 		if (userSearchEnabled) {
 			LOG.info("Performing user search to retrieve users from AD/LDAP");
 			highestdeltaSyncUserTime = getUsers(computeDeletes);
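Review bot: The disabled path is silent: when `groupSearchEnabled` is false nothing is logged, while the user-search branch directly below logs at info level. Because this switch changes where group membership comes from, an `else` with `LOG.info("Group search is disabled; groups will be taken from user attributes " + userGroupNameAttributeSet);` would let an operator confirm the source from the sync log. `highestdeltaSyncGroupTime` also remains 0 on this path. The code that consumes it is outside the hunk, so it should be checked that 0 is not persisted as the group delta-sync time.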
@@ -519,6 +528,31 @@ public class LdapUserGroupBuilder implements UserGroupSource {
 							}
 						}
 
+						// Get all the groups from the group name attribute of the user only when group search is not enabled.
+						if (!groupSearchEnabled) {
+							for (String useGroupNameAttribute : userGroupNameAttributeSet) {
+								Attribute userGroupfAttribute = userEntry.getAttributes().get(useGroupNameAttribute);
+								if (userGroupfAttribute != null) {
+									NamingEnumeration<?> groupEnum = userGroupfAttribute.getAll();
+									while (groupEnum.hasMore()) {
+										String groupDN = (String) groupEnum.next();
+										if (LOG.isDebugEnabled()) {
+											LOG.debug("Adding " + groupDN + " to " + userName);
+										}
+										Map<String, String> groupAttrMap = new HashMap<>();
+										String groupName = getShortName(groupDN);
+										groupAttrMap.put("original_name", groupName);
+										groupAttrMap.put("full_name", groupDN);
+										sourceGroups.put(groupDN, groupAttrMap);
+										if (LOG.isDebugEnabled()) {
+											LOG.debug("As groupsearch is disabled, adding group " + groupName + " from user memberof attribute for user " + userName);
+										}
+										groupUserTable.put(groupDN, userFullName, userFullName);
+									}
+								}
+							}
+						}
+
 						Map<String, String> userAttrMap = new HashMap<>();
 						userAttrMap.put(UgsyncCommonConstants.ORIGINAL_NAME, userName);
 						userAttrMap.put(UgsyncCommonConstants.FULL_NAME, userFullName);
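Review bot: Every value of the configured user attributes is accepted as a group in this block, so with group search disabled nothing here limits the imported groups to a search base or filter, and the user entry itself becomes the authority for membership. If `getShortName` (not visible) reduces a DN to its leading RDN value, DNs from different subtrees would share one `original_name`; a comment stating that the attribute must be server-maintained and not writable by the user, plus a scope check on `groupDN`, would make that trust assumption explicit. Separately, `(String) groupEnum.next()` throws `ClassCastException` if the directory returns a non-string value, and `groupEnum` is never closed; `Object v = groupEnum.next(); if (!(v instanceof String)) { continue; }` keeps one odd entry from disturbing the pass. The literals `"original_name"` and `"full_name"` sit a few lines above `UgsyncCommonConstants.ORIGINAL_NAME` and `FULL_NAME` and should use those constants if they hold the same keys. The enclosing method starts and ends outside the hunk.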