Pierrick FLORECK created RANGER-4755:
----------------------------------------
Summary: [RangeruserSync] Removes users/groups in case of punctual
issue to retrieve users/groups
Key: RANGER-4755
URL: https://issues.apache.org/jira/browse/RANGER-4755
Project: Ranger
Issue Type: Bug
Components: Ranger
Affects Versions: 2.2.0
Reporter: Pierrick FLORECK
Attachments: usersyncError.log
Hi team,
We have encountered an issue on Ranger usersync with LDAP synchronization.
(We use a VIP for LDAP search and the SSL certificate of one node has been
changed without updating it in the Ranger truststore.)
The user search to retrieve users from LDAP failed (SSLHandshakeException) but
the sync cycle continues, assuming there are no retrieved users, instead of
failing for this cycle.
As we were on the delete cycle, accounts are considered deleted in Ranger and we
have Access Denied for all Ranger requests.
We corrected our incident by updating our certificates but usersync's behavior
remains dangerous.
Could it be possible to update LdapUserGroupBuilder.java to fail the current
sync cycle if the user or group LDAP search fails?
Thanks for your help,
Best Regards
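
Added example, not part of the original report and not Ranger's code: a self-contained Java model of the behaviour described above, where a failed directory search is treated as an empty result and feeds the delete phase, next to a fail-closed variant that aborts the cycle. All class and method names are hypothetical and the user names are constructed sample data.

```java
import java.util.*;

/** Added illustration; names are hypothetical, not taken from Ranger. */
public class FailClosedSync {
    /** Hypothetical directory lookup that may fail (e.g. TLS handshake error). */
    interface DirectorySource { Set<String> searchUsers() throws Exception; }

    /** Thrown to abort the whole cycle so that no delete decision is made. */
    static class SyncCycleException extends Exception {
        SyncCycleException(String msg, Throwable cause) { super(msg, cause); }
    }

    /** Unsafe: a failed search is indistinguishable from an empty directory. */
    static Set<String> usersToDeleteUnsafe(DirectorySource src, Set<String> known) {
        Set<String> found = new HashSet<>();
        try {
            found.addAll(src.searchUsers());
        } catch (Exception e) {
            System.err.println("search failed, continuing: " + e.getMessage());
        }
        Set<String> stale = new TreeSet<>(known);
        stale.removeAll(found);   // found is empty, so every known user is stale
        return stale;
    }

    /** Fail closed: a search error aborts before deletions are computed. */
    static Set<String> usersToDeleteSafe(DirectorySource src, Set<String> known)
            throws SyncCycleException {
        Set<String> found;
        try {
            found = src.searchUsers();
        } catch (Exception e) {
            throw new SyncCycleException("user search failed; skipping delete phase", e);
        }
        Set<String> stale = new TreeSet<>(known);
        stale.removeAll(found);
        return stale;
    }

    public static void main(String[] args) {
        Set<String> known = Set.of("alice", "bob", "carol"); // constructed sample data
        DirectorySource broken = () -> { throw new javax.net.ssl.SSLHandshakeException("constructed failure"); };
        System.out.println("unsafe would delete: " + usersToDeleteUnsafe(broken, known));
        try {
            usersToDeleteSafe(broken, known);
        } catch (SyncCycleException e) {
            System.out.println("safe: cycle aborted, nothing deleted (" + e.getMessage() + ")");
        }
    }
}
```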