[
https://issues.apache.org/jira/browse/RANGER-1486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16149683#comment-16149683
]
Don Bosco Durai commented on RANGER-1486:
-----------------------------------------
[~jonesn], I don't have any concern about adding another user source. In fact,
it is designed to support custom user sync modules.
The main challenge in the Hadoop world is that the user to group mapping is
done at the Hadoop User Group level. In other words, if the respective
components can't get the same groups (as mapped in Atlas) during runtime, then
regardless what groups are in Ranger, it would not matter.
If Atlas is considering/filtering only the groups within AD/LDAP, then my
concern is not valid.
Thanks
> New usersync alternative for Atlas (vdc)
> ----------------------------------------
>
> Key: RANGER-1486
> URL: https://issues.apache.org/jira/browse/RANGER-1486
> Project: Ranger
> Issue Type: New Feature
> Components: usersync
> Reporter: Nigel Jones
> Assignee: Nigel Jones
> Labels: VirtualDataConnector
>
> As part of the Atlas Virtualization Data Connector work we are using this
> within a large enterprise with a lot of users & groups stored in ldap.
> The connector -- which has a ranger plugin to apply access control policies
> -- is used by a relatively small subset of these users. However that can't
> easily be transcribed to an optimal ldap query.
> Since Atlas will have the definitive list of roles that are being used, this
> new usersync will instead retrieve a list of roles from Atlas, and will then
> use this list to retrieve only those users found in this list of roles from
> LDAP.
> This is an alternative usersync so shouldn't conflict and will use the same
> ranger APIs
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
