Gautam Borad created AMBARI-15153:
-------------------------------------
Summary: Change Ranger's default value for LDAP Group Sync Case
Conversion properties to "none"
Key: AMBARI-15153
URL: https://issues.apache.org/jira/browse/AMBARI-15153
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.2.0
Reporter: Gautam Borad
Assignee: Gautam Borad
Fix For: 2.4.0
*Use Case:*
If user's LDAP / AD has uppercase usernames and produce uppercase user
Kerberos principals. When doing the initial user sync into Ranger, the default
setting of "lower" causes all their user names to be saved in lower case,
meaning they don't match the Kerberos principals that LDAP / AD is handing out.
It seems to me the more sensible default for both username and group case
conversion should be "none" and to just use whatever the backend directory
hands out, as-is, to prevent unexpected confusion such as this.
*Proposed Solution:*
Change Ranger's default settings for below given properties :
ldapGroupSync.username.caseConversion = "none"
ldapGroupSync.groupname.caseConversion = "none"
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
