Posted to dev@ranger.apache.org by "Sailaja Polavarapu (Jira)" <ji...@apache.org> on 2022/12/22 00:43:00 UTC

[jira] [Assigned] (RANGER-4026) Provide option to update group memberships when same users/groups are synced from different sync sources

     [ https://issues.apache.org/jira/browse/RANGER-4026?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sailaja Polavarapu reassigned RANGER-4026:
------------------------------------------

    Assignee: Sailaja Polavarapu

> Provide option to update group memberships when same users/groups are synced from different sync sources
> --------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4026
>                 URL: https://issues.apache.org/jira/browse/RANGER-4026
>             Project: Ranger
>          Issue Type: Improvement
>          Components: usersync
>            Reporter: Sailaja Polavarapu
>            Assignee: Sailaja Polavarapu
>            Priority: Major
>
> RANGER-3254 implemented a change in user/group mapping so that sync source is taken into account when a group name matches multiple sources. LDAP users belonging to a group like "CN=mygroup" will not be synced in Ranger if there is an existing "mygroup" that was imported by UnixUserGroupBuilder.
> This breaks a very common use case where POSIX users and groups are synced to the OS from an LDAP backend using SSSD, Centrify, or similar utilities. In those cases, both the Linux OS and LDAP/AD are using the same identity repository. If Ranger imported a set of users and groups from one sync source, and then later switches to another, group mappings break and users don't get all of their groups.
> Provide an option for customers to treat users/groups from multiple sync sources as the same for updating group memberships.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)