[
https://issues.apache.org/jira/browse/RANGER-3203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17304409#comment-17304409
]
Sailaja Polavarapu commented on RANGER-3203:
--------------------------------------------
Merged follow-up minor fix ([https://reviews.apache.org/r/73240/)] to both
master and ranger-2.2 branches
> Add back the support to provide option to retrieve groups from user memberof
> attribute
> --------------------------------------------------------------------------------------
>
> Key: RANGER-3203
> URL: https://issues.apache.org/jira/browse/RANGER-3203
> Project: Ranger
> Issue Type: Bug
> Components: Ranger, usersync
> Reporter: Sailaja Polavarapu
> Assignee: Sailaja Polavarapu
> Priority: Major
> Fix For: 3.0.0, 2.2.0
>
> Attachments:
> 0001-RANGER-3203-Added-back-support-to-allow-group-search.patch
>
>
> As part of RANGER-2986, group search is made mandatory. This is breaking an
> usecase to sync users and all the corresponding groups from AD/LDAP.
> Previously, this could be achieved by setting
> ranger.usersync.group.searchenabled to false and configure
> ranger.usersync.ldap.user.groupnameattribute=memberof. That way, usersync
> used to sync the users based on the user search base and user search filter
> and use the "memberof" attribute of the user to sync all the groups each user
> belongs to.
> Now, if you want to achieve the same functionality, group search base and
> group search filter have to be configured with appropriate filters for
> sync'ing the groups which might be an extra configuration overhead.
> This is same for both full sync and incremental sync.
> Note:- When incremental sync is enabled, it is highly recommended to enable
> group search and configure group search base and group search filter
> accordingly. (Refer to RANGER-1211 for more details)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
