[
https://issues.apache.org/jira/browse/RANGER-1735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16484539#comment-16484539
]
Sailaja Polavarapu commented on RANGER-1735:
--------------------------------------------
[~aaneja],
Thanks for posting the question here.
>From section 2.1.1. Exceptions/Considerations in the design doc I tried to
>capture this but I should have provided some example.
>> All the usersync configuration is applied on top of nested group evaluation
In the above case Group3 is not retrieved as the group search filter from
usersync configuration doesn't contain Group3 even though it is part of the
nested group evaluation.
> Support representing nested group memberships in Ranger Admin
> -------------------------------------------------------------
>
> Key: RANGER-1735
> URL: https://issues.apache.org/jira/browse/RANGER-1735
> Project: Ranger
> Issue Type: New Feature
> Components: Ranger, usersync
> Affects Versions: 0.7.1
> Reporter: Sailaja Polavarapu
> Assignee: Sailaja Polavarapu
> Priority: Major
> Fix For: 1.0.0, 0.7.2
>
> Attachments:
> 0001-RANGER-1735-Support-representing-nested-group-member.patch, Ranger
> Usersync - Nested Group Support.docx
>
>
> Several large enterprises have their groups in LDAP/AD nested within other
> groups. Since Ranger user sync currently only pulls in the immediate group,
> it is possible that some nested memberships might not be available for policy
> authoring. Hadoop user-group mapping already supports nested LDAP/AD groups
> for policy enforcement at the Ranger plugin.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
