[ https://issues.apache.org/jira/browse/RANGER-4026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17721871#comment-17721871 ]
Abhishek Kumar commented on RANGER-4026:
----------------------------------------
PR: [https://github.com/apache/ranger/pull/254]
> Provide option to update group memberships when same users/groups are synced
> from different sync sources
> --------------------------------------------------------------------------------------------------------
>
> Key: RANGER-4026
> URL: https://issues.apache.org/jira/browse/RANGER-4026
> Project: Ranger
> Issue Type: Improvement
> Components: usersync
> Reporter: Sailaja Polavarapu
> Assignee: Abhishek Kumar
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> RANGER-3254 implemented a change in user/group mapping so that sync source is
> taken into account when a group name matches multiple sources. LDAP users
> belonging to a group like "CN=mygroup" will not be synced in Ranger if there
> is an existing "mygroup" that was imported by UnixUserGroupBuilder.
> This breaks a very common use case where POSIX users and groups are synced to
> the OS from an LDAP backend using SSSD, Centrify, or similar utilities. In
> those cases, both the Linux OS and LDAP/AD are using the same identity
> repository. If Ranger imported a set of users and groups from one sync
> source, and then later switches to another, group mappings break and users
> don't get all of their groups.
> Provide an option for customers to treat users/groups from multiple sync
> sources as the same for updating group memberships.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)