[
https://issues.apache.org/jira/browse/RANGER-684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14949570#comment-14949570
]
Alok Lal commented on RANGER-684:
---------------------------------
[~bosco] I was wondering if we could simply reuse the API that every service
(namenode, hbase, hive, yarn, etc) is using for user (which uses auth_to_local
mapping of core-site.xml) and group mapping in usersync. Usersync could simply
be given the core-site.xml location. We would have to change what property we
use from LDAP for user, from SAMAccountname to principle name. Is this not
possible in practice for usersync to do?
If we don't or can't do this then admin would have to do two sets of mapping
rules and maintain them. And there would be issue of ensuring that both
mapping yield same username/groupname values in usersync and in services that
invoke auth_to_local from core-site.xml.
> Ranger Usersync - Add Ability to transform user/group names
> -----------------------------------------------------------
>
> Key: RANGER-684
> URL: https://issues.apache.org/jira/browse/RANGER-684
> Project: Ranger
> Issue Type: Improvement
> Affects Versions: 0.4.0, 0.5.0
> Reporter: Velmurugan Periasamy
> Assignee: Sailaja Polavarapu
> Priority: Critical
> Fix For: 0.5.1, 0.6.0
>
>
> Ensure the UserSync is capable of transforming user/group names from LDAP/AD
> source. Probably by allowing custom mapping ( like space to underscore)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
