You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sp...@apache.org on 2018/01/19 23:16:14 UTC
ranger git commit: RANGER-1957: Fixed code to sync all the users
during periodic sync when there are updates to groups
Repository: ranger
Updated Branches:
refs/heads/master 13d1b185f -> 0d9d8aed2
RANGER-1957: Fixed code to sync all the users during periodic sync when there are updates to groups
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/0d9d8aed
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/0d9d8aed
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/0d9d8aed
Branch: refs/heads/master
Commit: 0d9d8aed2b9e3caddfb077b4a122e09982e1c0e0
Parents: 13d1b18
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Thu Jan 18 12:25:46 2018 -0800
Committer: Sailaja Polavarapu <sp...@hortonworks.com>
Committed: Thu Jan 18 12:25:46 2018 -0800
----------------------------------------------------------------------
.../process/LdapDeltaUserGroupBuilder.java | 53 +++++++++++---------
1 file changed, 30 insertions(+), 23 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/0d9d8aed/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
index 17682ba..2852b32 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
@@ -372,6 +372,12 @@ public class LdapDeltaUserGroupBuilder extends AbstractUserGroupSource {
new PagedResultsControl(pagedResultsSize, Control.NONCRITICAL) });
}
DateFormat dateFormat = new SimpleDateFormat("yyyyMMddhhmmss");
+ if (groupSearchFirstEnabled && groupUserTable.rowKeySet().size() != 0) {
+ // Fix RANGER-1957: Perform full sync when group search is enabled and when there are updates to the groups
+ deltaSyncUserTime = 0;
+ deltaSyncUserTimeStamp = dateFormat.format(new Date(0));
+ }
+
extendedUserSearchFilter = "(objectclass=" + userObjectClass + ")(|(uSNChanged>=" + deltaSyncUserTime + ")(modifyTimestamp>=" + deltaSyncUserTimeStamp + "Z))";
if (userSearchFilter != null && !userSearchFilter.trim().isEmpty()) {
@@ -498,32 +504,13 @@ public class LdapDeltaUserGroupBuilder extends AbstractUserGroupSource {
LOG.error("sink.addOrUpdateUserGroups failed with exception: " + t.getMessage()
+ ", for user: " + transformUserName + " and groups: " + groupList);
}
- counter++;
- if (counter <= 2000) {
- if (LOG.isInfoEnabled()) {
- LOG.info("Updating user count: " + counter
- + ", userName: " + userName + ", groupList: "
- + groupList);
- }
- if ( counter == 2000 ) {
- LOG.info("===> 2000 user records have been synchronized so far. From now on, only a summary progress log will be written for every 100 users. To continue to see detailed log for every user, please enable Trace level logging. <===");
- }
- } else {
- if (LOG.isTraceEnabled()) {
- LOG.trace("Updating user count: " + counter
- + ", userName: " + userName + ", groupList: "
- + groupList);
- } else {
- if ( counter % 100 == 0) {
- LOG.info("Synced " + counter + " users till now");
- }
- }
- }
+ counter++;
} else {
// If the user from the search result is present in the group user table,
// then addorupdate user to ranger admin.
LOG.debug("Chekcing if the user " + userFullName + " is part of the retrieved groups");
- if (groupUserTable.containsColumn(userFullName) || groupUserTable.containsColumn(userName)) {
+ if ((groupUserTable.containsColumn(userFullName) || groupUserTable.containsColumn(userName))
+ && !userNameMap.containsKey(userFullName)) {
String transformUserName = userNameTransform(userName);
try {
sink.addOrUpdateUser(transformUserName);
@@ -538,9 +525,29 @@ public class LdapDeltaUserGroupBuilder extends AbstractUserGroupSource {
LOG.debug("Updating groupUserTable " + entry.getValue() + " with: " + transformUserName + " for " + entry.getKey());
groupUserTable.put(entry.getKey(), userFullName, transformUserName);
}
+ counter++;
}
}
+ if (counter <= 2000) {
+ if (LOG.isInfoEnabled()) {
+ LOG.info("Updating user count: " + counter
+ + ", userName: " + userName);
+ }
+ if ( counter == 2000 ) {
+ LOG.info("===> 2000 user records have been synchronized so far. From now on, only a summary progress log will be written for every 100 users. To continue to see detailed log for every user, please enable Trace level logging. <===");
+ }
+ } else {
+ if (LOG.isTraceEnabled()) {
+ LOG.trace("Updating user count: " + counter
+ + ", userName: " + userName);
+ } else {
+ if ( counter % 100 == 0) {
+ LOG.info("Synced " + counter + " users till now");
+ }
+ }
+ }
+
}
// Examine the paged results control response
@@ -579,7 +586,7 @@ public class LdapDeltaUserGroupBuilder extends AbstractUserGroupSource {
}
if (deltaSyncUserTime < highestdeltaSyncUserTime) {
// Incrementing highestdeltaSyncUserTime (for AD) in order to avoid search record repetition for next sync cycle.
- deltaSyncUserTime = highestdeltaSyncUserTime+1;
+ deltaSyncUserTime = highestdeltaSyncUserTime + 1;
// Incrementing the highest timestamp value (for Openldap) with 1sec in order to avoid search record repetition for next sync cycle.
deltaSyncUserTimeStamp = dateFormat.format(new Date(highestdeltaSyncUserTime + 60l));
}