[ https://issues.apache.org/jira/browse/RANGER-3630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sailaja Polavarapu reassigned RANGER-3630: ------------------------------------------ Assignee: Sailaja Polavarapu > Support wildcards, group short names, and list of memberof attribute DNs for > computing user search filter > --------------------------------------------------------------------------------------------------------- > > Key: RANGER-3630 > URL: https://issues.apache.org/jira/browse/RANGER-3630 > Project: Ranger > Issue Type: New Feature > Components: Ranger, usersync > Reporter: Sailaja Polavarapu > Assignee: Sailaja Polavarapu > Priority: Major > > Ranger Usersync provides multiple configuration properties to sync users & > groups from AD/LDAP. One of the key configuration properties is the User > Search filter (ranger.usersync.ldap.user.searchfilter). Currently, the value > of user search filter must be a valid ldap search filter and is used by > ranger usersync “as is” to limit the no. of users to be sync’d from AD/LDAP. > Example values include: > # samaccountname=* > ** Syncs all users from a given user search base > # (|(memberof=CN=finance,ou=Hadoop > Groups,dc=apache,dc=org)(memberof=CN=eng_dev,ou=Hadoop > Groups,dc=apache,dc=org)(memberof=CN=eng_testing,ou=Hadoop > Groups,dc=apache,dc=org)) > ** Sync users that are members of finance, eng_dev, and eng_testing groups > According to [Microsoft > documentation|https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx], > the wildcard character * is not allowed when the <AD Attribute> is a DN > attribute. Examples of DN attributes are distinguishedName, manager, > directReports, member, and memberOf. If users need to be sync'd from multiple > Active Directory groups with memberOf filters, this value can quickly become > a long string of OR concatenated group DNs. A single misplaced character in > this cryptic string results in all users failing to sync. -- This message was sent by Atlassian Jira (v8.20.1#820001)