[
https://issues.apache.org/jira/browse/RANGER-3973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17864826#comment-17864826
]
Sailaja Polavarapu commented on RANGER-3973:
--------------------------------------------
If your LDAP doesn't have modifyTimestamp, then the effective ldap search just
ignores that property and it is in effect disabling incremental sync. Are you
noticing some error with the current implementation?
For example, most of the Active Directories don't have modifyTimestamp
attribute. In this case when "ranger.usersync.ldap.deltasync" is set to true,
even though the ldap search filter includes "modifyTimestamp", AD just ignores
while sending the results.
> LDAP incremental search not always available
> --------------------------------------------
>
> Key: RANGER-3973
> URL: https://issues.apache.org/jira/browse/RANGER-3973
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Affects Versions: 2.3.0
> Reporter: Jonas Hartwig
> Priority: Blocker
> Fix For: 3.0.0
>
>
> In certain situations the LDAP incremental user/groups search is not
> available. There is a feature already to disable incremental loads. This is a
> request to add a feature to disable using the delta fields for lookup. Our
> LDAP does not have modifyTimestamp field.
> When the flag ranger.usersync.ldap.deltasync is set ldap search should not
> use properties
> uSNChanged and modifyTimestamp (they are not needed).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
