Rob Vesse created RANGER-1615:
---------------------------------
Summary: LdapUserGroupBuilder and LdapDeltaUserGroupBuilder build
LDAP group filter inconsistently
Key: RANGER-1615
URL: https://issues.apache.org/jira/browse/RANGER-1615
Project: Ranger
Issue Type: Bug
Components: usersync
Affects Versions: master
Reporter: Rob Vesse
The {{LdapDeltaUserGroupBuilder}} constructs the LDAP filter in a way that is
inconsistent with {{LdapUserGroupBuilder}} and generates a potentially invalid
filter:
{noformat}
extendedGroupSearchFilter = "(&" + extendedGroupSearchFilter + "(|(" +
groupMemberAttributeName + "={0})(" + groupMemberAttributeName + "={1})))";
{noformat}
Resulting in the following in the logs:
{noformat}
25 May 2017 04:23:11 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
LdapDeltaUserGroupBuilder initialization completed with --
groupSearchEnabled: true, groupSearchBase: [dc=local], groupSearchScope: 2,
groupObjectClass: posixGroup, groupSearchFilter: , extendedGroupSearchFilter:
(&null(|(memberUid={0})(memberUid={1}))), extendedAllGroupsSearchFilter: null,
groupMemberAttributeName: memberUid, groupNameAttribute: cn,
groupSearchAttributes: [uSNChanged, memberUid, cn, modifytimestamp],
groupUserMapSyncEnabled: false, groupSearchFirstEnabled: false,
userSearchEnabled: false, ldapReferral: ignore
{noformat}
NB - Various bits of the log line deleted for security purposes
Note the {{&null}} present in the filter
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
