You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Madhan Neethiraj <ma...@apache.org> on 2016/04/02 08:14:44 UTC

Re: Review Request 45418: RANGER-898 : Change Ranger's default value for LDAP User / Group Sync Case Conversion properties to "none"

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45418/#review126682
-----------------------------------------------------------


Ship it!




Ship It!

- Madhan Neethiraj


On March 29, 2016, 9:23 a.m., Mehul Parikh wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45418/
> -----------------------------------------------------------
> 
> (Updated March 29, 2016, 9:23 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, and Selvamohan Neethiraj.
> 
> 
> Bugs: RANGER-898
>     https://issues.apache.org/jira/browse/RANGER-898
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement:** 
> If user's LDAP / AD has uppercase usernames and produce uppercase user Kerberos principals. When doing the initial user sync into Ranger, the default setting of "lower" causes all their user names to be saved in lower case, meaning they don't match the Kerberos principals that LDAP / AD is handing out. 
> It seems to me the more sensible default for both username and group case conversion should be "none" and to just use whatever the backend directory hands out, as-is, to prevent unexpected confusion such as this.
> 
> **Proposed Solution:**
> Change Ranger's default settings for below given properties :
> ldapGroupSync.username.caseConversion = "none" 
> ldapGroupSync.groupname.caseConversion = "none"
> 
> 
> Diffs
> -----
> 
>   migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py bc06a65 
>   ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties dc6fc59 
>   ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java a548957 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java e46b469 
>   ugsync/src/test/resources/ranger-ugsync-site.xml 0b2c991 
>   unixauthservice/conf.dist/ranger-ugsync-default.xml 4175986 
> 
> Diff: https://reviews.apache.org/r/45418/diff/
> 
> 
> Testing
> -------
> 
> Verified Ranger manual installation with above default properties and was able to sync users and groups from LDAP instance.
> 
> 
> Thanks,
> 
> Mehul Parikh
> 
>