[
https://issues.apache.org/jira/browse/RANGER-1486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16150804#comment-16150804
]
Don Bosco Durai commented on RANGER-1486:
-----------------------------------------
Assuming the groups coming from Atlas will be a subset from LDAP, I am okay. If
not, we have to ensure that Hadoop is aware of the additional groups, else it
will be misleading to the admin setting up the policies.
> New usersync alternative for Atlas (vdc)
> ----------------------------------------
>
> Key: RANGER-1486
> URL: https://issues.apache.org/jira/browse/RANGER-1486
> Project: Ranger
> Issue Type: New Feature
> Components: usersync
> Reporter: Nigel Jones
> Assignee: Nigel Jones
> Labels: VirtualDataConnector
>
> As part of the Atlas Virtualization Data Connector work we are using this
> within a large enterprise with a lot of users & groups stored in ldap.
> The connector -- which has a ranger plugin to apply access control policies
> -- is used by a relatively small subset of these users. However that can't
> easily be transcribed to an optimal ldap query.
> Since Atlas will have the definitive list of roles that are being used, this
> new usersync will instead retrieve a list of roles from Atlas, and will then
> use this list to retrieve only those users found in this list of roles from
> LDAP.
> This is an alternative usersync so shouldn't conflict and will use the same
> ranger APIs
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
