You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Mehul Parikh <me...@freestoneinfotech.com> on 2016/03/29 11:23:57 UTC
Review Request 45418: RANGER-898 : Change Ranger's default value for
LDAP User / Group Sync Case Conversion properties to "none"
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45418/
-----------------------------------------------------------
Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, and Selvamohan Neethiraj.
Bugs: RANGER-898
https://issues.apache.org/jira/browse/RANGER-898
Repository: ranger
Description
-------
**Problem Statement:**
If user's LDAP / AD has uppercase usernames and produce uppercase user Kerberos principals. When doing the initial user sync into Ranger, the default setting of "lower" causes all their user names to be saved in lower case, meaning they don't match the Kerberos principals that LDAP / AD is handing out.
It seems to me the more sensible default for both username and group case conversion should be "none" and to just use whatever the backend directory hands out, as-is, to prevent unexpected confusion such as this.
**Proposed Solution:**
Change Ranger's default settings for below given properties :
ldapGroupSync.username.caseConversion = "none"
ldapGroupSync.groupname.caseConversion = "none"
Diffs
-----
migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py bc06a65
ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties dc6fc59
ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java a548957
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java e46b469
ugsync/src/test/resources/ranger-ugsync-site.xml 0b2c991
unixauthservice/conf.dist/ranger-ugsync-default.xml 4175986
Diff: https://reviews.apache.org/r/45418/diff/
Testing
-------
Verified Ranger manual installation with above default properties and was able to sync users and groups from LDAP instance.
Thanks,
Mehul Parikh
Re: Review Request 45418: RANGER-898 : Change Ranger's default value
for LDAP User / Group Sync Case Conversion properties to "none"
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45418/#review126682
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On March 29, 2016, 9:23 a.m., Mehul Parikh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45418/
> -----------------------------------------------------------
>
> (Updated March 29, 2016, 9:23 a.m.)
>
>
> Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, and Selvamohan Neethiraj.
>
>
> Bugs: RANGER-898
> https://issues.apache.org/jira/browse/RANGER-898
>
>
> Repository: ranger
>
>
> Description
> -------
>
> **Problem Statement:**
> If user's LDAP / AD has uppercase usernames and produce uppercase user Kerberos principals. When doing the initial user sync into Ranger, the default setting of "lower" causes all their user names to be saved in lower case, meaning they don't match the Kerberos principals that LDAP / AD is handing out.
> It seems to me the more sensible default for both username and group case conversion should be "none" and to just use whatever the backend directory hands out, as-is, to prevent unexpected confusion such as this.
>
> **Proposed Solution:**
> Change Ranger's default settings for below given properties :
> ldapGroupSync.username.caseConversion = "none"
> ldapGroupSync.groupname.caseConversion = "none"
>
>
> Diffs
> -----
>
> migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py bc06a65
> ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties dc6fc59
> ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java a548957
> ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java e46b469
> ugsync/src/test/resources/ranger-ugsync-site.xml 0b2c991
> unixauthservice/conf.dist/ranger-ugsync-default.xml 4175986
>
> Diff: https://reviews.apache.org/r/45418/diff/
>
>
> Testing
> -------
>
> Verified Ranger manual installation with above default properties and was able to sync users and groups from LDAP instance.
>
>
> Thanks,
>
> Mehul Parikh
>
>