You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Sailaja Polavarapu <sp...@hortonworks.com> on 2016/02/18 23:44:04 UTC
Re: Review Request 43433: Ranger-722: StartTLS support for Ranger
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43433/
-----------------------------------------------------------
(Updated Feb. 18, 2016, 10:44 p.m.)
Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, and Velmurugan Periasamy.
Changes
-------
Rebuilt the patch with the latest master changes in order to resolve conflicts.
Bugs: Ranger-722
https://issues.apache.org/jira/browse/Ranger-722
Repository: ranger
Description
-------
Added support to use StartTLS for ranger usersync. As part of this support, a new usersync config property (ranger.usersync.ldap.starttls) is added and is set to false by default. This property can be added as a custom property for usersync for now.
Diffs (updated)
-----
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/CustomSSLSocketFactory.java 827b450
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6c3aa74
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java e342cae
Diff: https://reviews.apache.org/r/43433/diff/
Testing
-------
1. Tested without starttls option for regression.
2. Tested with StartTLS option enabled against AD & OpenLdap servers. Validated the connection by capturing traces during usersync LDAP connection.
3. Also performed negative testing by not adding proper certs to validate the server cert during SSL handshake.
Thanks,
Sailaja Polavarapu
Re: Review Request 43433: Ranger-722: StartTLS support for Ranger
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43433/#review119917
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On Feb. 18, 2016, 10:44 p.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43433/
> -----------------------------------------------------------
>
> (Updated Feb. 18, 2016, 10:44 p.m.)
>
>
> Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, and Velmurugan Periasamy.
>
>
> Bugs: Ranger-722
> https://issues.apache.org/jira/browse/Ranger-722
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Added support to use StartTLS for ranger usersync. As part of this support, a new usersync config property (ranger.usersync.ldap.starttls) is added and is set to false by default. This property can be added as a custom property for usersync for now.
>
>
> Diffs
> -----
>
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/CustomSSLSocketFactory.java 827b450
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6c3aa74
> ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java e342cae
>
> Diff: https://reviews.apache.org/r/43433/diff/
>
>
> Testing
> -------
>
> 1. Tested without starttls option for regression.
> 2. Tested with StartTLS option enabled against AD & OpenLdap servers. Validated the connection by capturing traces during usersync LDAP connection.
> 3. Also performed negative testing by not adding proper certs to validate the server cert during SSL handshake.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>