[
https://issues.apache.org/jira/browse/RANGER-3203?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sailaja Polavarapu updated RANGER-3203:
---------------------------------------
Description:
As part of RANGER-2986, group search is made mandatory. This is breaking an
usecase to sync users and all the corresponding groups from AD/LDAP.
Previously, this could be achieved by setting
ranger.usersync.group.searchenabled to false and configure
ranger.usersync.ldap.user.groupnameattribute=memberof. That way, usersync used
to sync the users based on the user search base and user search filter and use
the "memberof" attribute of the user to sync all the groups each user belongs
to.
Now, if you want to achieve the same functionality, group search base and group
search filter have to be configured with appropriate filters for sync'ing the
groups which might be an extra configuration overhead.
This is same for both full sync and incremental sync.
Note:- When incremental sync is enabled, it is highly recommended to enable
group search and configure group search base and group search filter
accordingly. (Refer to RANGER-1211 for more details)
was:
As part of RANGER-2986, group search is made mandatory. This is breaking an
usecase to sync users and all the corresponding groups from AD/LDAP.
Previously, this could be achieved by setting
ranger.usersync.group.searchenabled to false and configure
ranger.usersync.ldap.user.groupnameattribute=memberof. That way, usersync used
to sync the users based on the user search base and user search filter and use
the "memberof" attribute of the user to sync all the groups each user belongs
to.
Now, if you want to achieve the same functionality, group search base and group
search filter have to be configured with appropriate filters for sync'ing the
groups which might be an extra overhead.
This is same for both full sync and incremental sync.
Note:- When incremental sync is enabled, it is highly recommended to enable
group search and configure group search base and group search filter
accordingly. (Refer to RANGER-1211 for more details)
> Add back the support to provide option to retrieve groups from user memberof
> attribute
> --------------------------------------------------------------------------------------
>
> Key: RANGER-3203
> URL: https://issues.apache.org/jira/browse/RANGER-3203
> Project: Ranger
> Issue Type: Bug
> Components: Ranger, usersync
> Reporter: Sailaja Polavarapu
> Assignee: Sailaja Polavarapu
> Priority: Major
>
> As part of RANGER-2986, group search is made mandatory. This is breaking an
> usecase to sync users and all the corresponding groups from AD/LDAP.
> Previously, this could be achieved by setting
> ranger.usersync.group.searchenabled to false and configure
> ranger.usersync.ldap.user.groupnameattribute=memberof. That way, usersync
> used to sync the users based on the user search base and user search filter
> and use the "memberof" attribute of the user to sync all the groups each user
> belongs to.
> Now, if you want to achieve the same functionality, group search base and
> group search filter have to be configured with appropriate filters for
> sync'ing the groups which might be an extra configuration overhead.
> This is same for both full sync and incremental sync.
> Note:- When incremental sync is enabled, it is highly recommended to enable
> group search and configure group search base and group search filter
> accordingly. (Refer to RANGER-1211 for more details)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
