You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Sailaja Polavarapu (Jira)" <ji...@apache.org> on 2021/03/08 22:43:00 UTC

[jira] [Created] (RANGER-3203) Add back the support to provide option to retrieve groups from user memberof attribute

Sailaja Polavarapu created RANGER-3203:
------------------------------------------

             Summary: Add back the support to provide option to retrieve groups from user memberof attribute
                 Key: RANGER-3203
                 URL: https://issues.apache.org/jira/browse/RANGER-3203
             Project: Ranger
          Issue Type: Bug
          Components: Ranger, usersync
            Reporter: Sailaja Polavarapu
            Assignee: Sailaja Polavarapu


As part of RANGER-2986, group search is made mandatory. This is breaking an usecase where customer wants to sync users and all the corresponding groups. 

Previously, this could be achieved by setting ranger.usersync.group.searchenabled to false and  configure ranger.usersync.ldap.user.groupnameattribute=memberof. That way, usersync used to sync the users based on the user search base and user search filter and use the "memberof" attribute of the user to sync all the groups each user belongs to.

Now, if you want to achieve the same functionality, group search base and group search filter have to be configured with appropriate filters for sync'ing the groups which might be an extra overhead for the customers.

This is same for both full sync and incremental sync.

Note:- When incremental sync is enabled, it is highly recommended to enable group search and configure group search base and group search filter accordingly. (Refer to RANGER-1211 for more details)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)