You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ranger.apache.org by Hanish Bansal <ha...@impetus.co.in> on 2015/06/22 09:02:34 UTC

LDAP Sync issues

Hi All,


I am facing some issues while importing users from LDAP using UserSyncService. (Using Ranger 0.4.0 version)


1. Ranger is accepting only "cn" value from LDAP, Not accepting uid, sn, and email address.

I have created a user into ldap which has
cn- Mike Hemmingway
sn- Hemmingway
uid- mike
emailaddress- mike@gmail.com<ma...@gmail.com>


Every organization contains atleast above 4 details of users which are not
migrating correctly into Ranger.

When it's migrating on Ranger then it's showing-
User Name- Mike Hemmingway
First name- Mike Hemmingway
Last name- Mike Hemmingway
Email address- <blank>

2. When deleting user from ldap then user sync service is not deleting user from ranger

Steps:

(a) Create a user into LDAP
(b) It will display on ranger admin UI after some time as user sync service is running.
(c) Delete the created user

As user sync service is running so it should remove user from ranger as well
which is not happening currently.

Ideally usersync service should take care for it. Any changes into ldap
directory should get reflected on ranger.

Please let me know your thoughts on this.


-------
Thanks & Regards,
Hanish Bansal

________________________________






NOTE: This message may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee. If received in error, please destroy and notify the sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant and/or guarantee, that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference.

Re: LDAP Sync issues

Posted by Hanish Bansal <ha...@impetus.co.in>.
Thanks Loic for response !


I have filed the JIRA for 1st issue:

https://issues.apache.org/jira/browse/RANGER-567


-------
Thanks & Regards,
Hanish Bansal
Software Engineer, iLabs
Impetus Infotech Pvt. Ltd.
(O) :  +91.120.4092200-2790
(M) : +91.9953399925
________________________________
From: Loïc Chanel <lo...@telecomnancy.net>
Sent: Wednesday, June 24, 2015 1:16 PM
To: user@ranger.incubator.apache.org
Subject: Re: LDAP Sync issues

Hi,

For your first issue, as far as I know Ranger UserSync service combined with a LDAP, it seems that you can only pull one attribute from your LDAP to create your user, but that attribute can be cn, dn, or email as well : you can configure it through the property SYNC_LDAP_USER_NAME_ATTRIBUTE in Ambari web interface.

But yes, basically, this attribute will be the User name, its First name and its Last name, as this is the only information Ranger gather about the user from the LDAP.

I am not aware of the development of a more complete mapping from LDAP user attributes to Ranger user ones, but feel free to create a JIRA about it.

As I have not experienced your third issue I can't answer it, but I'm very interested in the discussion as I am using it myself.
Regards,


Loïc

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne

2015-06-24 6:53 GMT+02:00 Hanish Bansal <ha...@impetus.co.in>>:

Any update or suggestions on this?


I found a JIRA filed for 2nd issue https://issues.apache.org/jira/browse/RANGER-321.<https://issues.apache.org/jira/browse/RANGER-321>


I would like to know more about 1st and 3rd issue.


-------
Thanks & Regards,
Hanish Bansal
Software Engineer, iLabs
Impetus Infotech Pvt. Ltd.
(O) :  +91.120.4092200<tel:%2B91.120.4092200>-2790
(M) : +91.9953399925<tel:%2B91.9953399925>
________________________________
From: Hanish Bansal <ha...@impetus.co.in>>
Sent: Tuesday, June 23, 2015 12:12 PM
To: user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>
Subject: Re: LDAP Sync issues


Adding one more issue:


3. When changing the cn into ldap then it's creating another user into ranger with the changed name.


I would like to know the expected behavior. Is there any configuration issues or these issues are fixed in Ranger 0.5.0 version


-------
Thanks & Regards,
Hanish Bansal
________________________________
From: Hanish Bansal <ha...@impetus.co.in>>
Sent: Monday, June 22, 2015 12:32 PM
To: user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>
Subject: LDAP Sync issues


Hi All,


I am facing some issues while importing users from LDAP using UserSyncService. (Using Ranger 0.4.0 version)


1. Ranger is accepting only "cn" value from LDAP, Not accepting uid, sn, and email address.

I have created a user into ldap which has
cn- Mike Hemmingway
sn- Hemmingway
uid- mike
emailaddress- mike@gmail.com<ma...@gmail.com>


Every organization contains atleast above 4 details of users which are not
migrating correctly into Ranger.

When it's migrating on Ranger then it's showing-
User Name- Mike Hemmingway
First name- Mike Hemmingway
Last name- Mike Hemmingway
Email address- <blank>

2. When deleting user from ldap then user sync service is not deleting user from ranger

Steps:

(a) Create a user into LDAP
(b) It will display on ranger admin UI after some time as user sync service is running.
(c) Delete the created user

As user sync service is running so it should remove user from ranger as well
which is not happening currently.

Ideally usersync service should take care for it. Any changes into ldap
directory should get reflected on ranger.

Please let me know your thoughts on this.


-------
Thanks & Regards,
Hanish Bansal

________________________________






NOTE: This message may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee. If received in error, please destroy and notify the sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant and/or guarantee, that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference.

________________________________






NOTE: This message may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee. If received in error, please destroy and notify the sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant and/or guarantee, that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference.

________________________________






NOTE: This message may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee. If received in error, please destroy and notify the sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant and/or guarantee, that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference.


________________________________






NOTE: This message may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee. If received in error, please destroy and notify the sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant and/or guarantee, that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference.

Re: LDAP Sync issues

Posted by Loïc Chanel <lo...@telecomnancy.net>.
Hi,

For your first issue, as far as I know Ranger UserSync service combined
with a LDAP, it seems that you can only pull one attribute from your LDAP
to create your user, but that attribute can be cn, dn, or email as well :
you can configure it through the property SYNC_LDAP_USER_NAME_ATTRIBUTE in
Ambari web interface.

But yes, basically, this attribute will be the User name, its First name
and its Last name, as this is the only information Ranger gather about the
user from the LDAP.

I am not aware of the development of a more complete mapping from LDAP user
attributes to Ranger user ones, but feel free to create a JIRA about it.

As I have not experienced your third issue I can't answer it, but I'm very
interested in the discussion as I am using it myself.
Regards,


Loïc

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne

2015-06-24 6:53 GMT+02:00 Hanish Bansal <ha...@impetus.co.in>:

>  Any update or suggestions on this?
>
>
>  I found a JIRA filed for 2nd issue
> https://issues.apache.org/jira/browse/RANGER-321.
> <https://issues.apache.org/jira/browse/RANGER-321>
>
>
>  I would like to know more about 1st and 3rd issue.
>
>
>      -------
>
> *Thanks & Regards, Hanish Bansal*
> Software Engineer, iLabs
> Impetus Infotech Pvt. Ltd.
> (O) :  +91.120.4092200-2790
> (M) : +91.9953399925
>      ------------------------------
> *From:* Hanish Bansal <ha...@impetus.co.in>
> *Sent:* Tuesday, June 23, 2015 12:12 PM
> *To:* user@ranger.incubator.apache.org
> *Subject:* Re: LDAP Sync issues
>
>
> Adding one more issue:
>
>
>  3. When changing the cn into ldap then it's creating another user into
> ranger with the changed name.
>
>
>  I would like to know the expected behavior. Is there any configuration
> issues or these issues are fixed in Ranger 0.5.0 version
>
>
>      -------
>
> *Thanks & Regards, Hanish Bansal*
>       ------------------------------
> *From:* Hanish Bansal <ha...@impetus.co.in>
> *Sent:* Monday, June 22, 2015 12:32 PM
> *To:* user@ranger.incubator.apache.org
> *Subject:* LDAP Sync issues
>
>
> Hi All,
>
>
>  I am facing some issues while importing users from LDAP using
> UserSyncService. (Using Ranger 0.4.0 version)
>
>
>  1. Ranger is accepting only "cn" value from LDAP, Not accepting uid, sn,
> and email address.
>
> I have created a user into ldap which has
> cn- Mike Hemmingway
> sn- Hemmingway
> uid- mike
> emailaddress- mike@gmail.com
>
> Every organization contains atleast above 4 details of users which are not
> migrating correctly into Ranger.
>
> When it's migrating on Ranger then it's showing-
> User Name- Mike Hemmingway
> First name- Mike Hemmingway
> Last name- Mike Hemmingway
> Email address- <blank>
>
> 2. When deleting user from ldap then user sync service is not deleting user from ranger
>
> Steps:
>
> (a) Create a user into LDAP
> (b) It will display on ranger admin UI after some time as user sync service is running.
> (c) Delete the created user
> As user sync service is running so it should remove user from ranger as well
> which is not happening currently.
>
> Ideally usersync service should take care for it. Any changes into ldap
> directory should get reflected on ranger.
>
> Please let me know your thoughts on this.
>
>
>      -------
>
> *Thanks & Regards, Hanish Bansal*
>
> ------------------------------
>
>
>
>
>
>
> NOTE: This message may contain information that is confidential,
> proprietary, privileged or otherwise protected by law. The message is
> intended solely for the named addressee. If received in error, please
> destroy and notify the sender. Any use of this email is prohibited when
> received in error. Impetus does not represent, warrant and/or guarantee,
> that the integrity of this communication has been maintained nor that the
> communication is free of errors, virus, interception or interference.
>
> ------------------------------
>
>
>
>
>
>
> NOTE: This message may contain information that is confidential,
> proprietary, privileged or otherwise protected by law. The message is
> intended solely for the named addressee. If received in error, please
> destroy and notify the sender. Any use of this email is prohibited when
> received in error. Impetus does not represent, warrant and/or guarantee,
> that the integrity of this communication has been maintained nor that the
> communication is free of errors, virus, interception or interference.
>
> ------------------------------
>
>
>
>
>
>
> NOTE: This message may contain information that is confidential,
> proprietary, privileged or otherwise protected by law. The message is
> intended solely for the named addressee. If received in error, please
> destroy and notify the sender. Any use of this email is prohibited when
> received in error. Impetus does not represent, warrant and/or guarantee,
> that the integrity of this communication has been maintained nor that the
> communication is free of errors, virus, interception or interference.
>

Re: LDAP Sync issues

Posted by Hanish Bansal <ha...@impetus.co.in>.
Any update or suggestions on this?


I found a JIRA filed for 2nd issue https://issues.apache.org/jira/browse/RANGER-321.<https://issues.apache.org/jira/browse/RANGER-321>


I would like to know more about 1st and 3rd issue.


-------
Thanks & Regards,
Hanish Bansal
Software Engineer, iLabs
Impetus Infotech Pvt. Ltd.
(O) :  +91.120.4092200-2790
(M) : +91.9953399925
________________________________
From: Hanish Bansal <ha...@impetus.co.in>
Sent: Tuesday, June 23, 2015 12:12 PM
To: user@ranger.incubator.apache.org
Subject: Re: LDAP Sync issues


Adding one more issue:


3. When changing the cn into ldap then it's creating another user into ranger with the changed name.


I would like to know the expected behavior. Is there any configuration issues or these issues are fixed in Ranger 0.5.0 version


-------
Thanks & Regards,
Hanish Bansal
________________________________
From: Hanish Bansal <ha...@impetus.co.in>
Sent: Monday, June 22, 2015 12:32 PM
To: user@ranger.incubator.apache.org
Subject: LDAP Sync issues


Hi All,


I am facing some issues while importing users from LDAP using UserSyncService. (Using Ranger 0.4.0 version)


1. Ranger is accepting only "cn" value from LDAP, Not accepting uid, sn, and email address.

I have created a user into ldap which has
cn- Mike Hemmingway
sn- Hemmingway
uid- mike
emailaddress- mike@gmail.com<ma...@gmail.com>


Every organization contains atleast above 4 details of users which are not
migrating correctly into Ranger.

When it's migrating on Ranger then it's showing-
User Name- Mike Hemmingway
First name- Mike Hemmingway
Last name- Mike Hemmingway
Email address- <blank>

2. When deleting user from ldap then user sync service is not deleting user from ranger

Steps:

(a) Create a user into LDAP
(b) It will display on ranger admin UI after some time as user sync service is running.
(c) Delete the created user

As user sync service is running so it should remove user from ranger as well
which is not happening currently.

Ideally usersync service should take care for it. Any changes into ldap
directory should get reflected on ranger.

Please let me know your thoughts on this.


-------
Thanks & Regards,
Hanish Bansal

________________________________






NOTE: This message may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee. If received in error, please destroy and notify the sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant and/or guarantee, that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference.

________________________________






NOTE: This message may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee. If received in error, please destroy and notify the sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant and/or guarantee, that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference.

________________________________






NOTE: This message may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee. If received in error, please destroy and notify the sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant and/or guarantee, that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference.

Re: LDAP Sync issues

Posted by Hanish Bansal <ha...@impetus.co.in>.
Adding one more issue:


3. When changing the cn into ldap then it's creating another user into ranger with the changed name.


I would like to know the expected behavior. Is there any configuration issues or these issues are fixed in Ranger 0.5.0 version


-------
Thanks & Regards,
Hanish Bansal
________________________________
From: Hanish Bansal <ha...@impetus.co.in>
Sent: Monday, June 22, 2015 12:32 PM
To: user@ranger.incubator.apache.org
Subject: LDAP Sync issues


Hi All,


I am facing some issues while importing users from LDAP using UserSyncService. (Using Ranger 0.4.0 version)


1. Ranger is accepting only "cn" value from LDAP, Not accepting uid, sn, and email address.

I have created a user into ldap which has
cn- Mike Hemmingway
sn- Hemmingway
uid- mike
emailaddress- mike@gmail.com<ma...@gmail.com>


Every organization contains atleast above 4 details of users which are not
migrating correctly into Ranger.

When it's migrating on Ranger then it's showing-
User Name- Mike Hemmingway
First name- Mike Hemmingway
Last name- Mike Hemmingway
Email address- <blank>

2. When deleting user from ldap then user sync service is not deleting user from ranger

Steps:

(a) Create a user into LDAP
(b) It will display on ranger admin UI after some time as user sync service is running.
(c) Delete the created user

As user sync service is running so it should remove user from ranger as well
which is not happening currently.

Ideally usersync service should take care for it. Any changes into ldap
directory should get reflected on ranger.

Please let me know your thoughts on this.


-------
Thanks & Regards,
Hanish Bansal

________________________________






NOTE: This message may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee. If received in error, please destroy and notify the sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant and/or guarantee, that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference.

________________________________






NOTE: This message may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee. If received in error, please destroy and notify the sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant and/or guarantee, that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference.