[ 
https://issues.apache.org/jira/browse/RANGER-684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14949591#comment-14949591
 ] 

Don Bosco Durai commented on RANGER-684:
----------------------------------------

Unfortunately, user and group mappings are not very well standardized. 
auth_to_local is mostly used to map Kerberos principals to Linux users. While 
Hadoop prefers users and groups materialized on each box, group mapping 
generally comes from the OS. So you need tools like SSSD, Centrify, etc. to do that. 
Hadoop has extensible classes and also LDAP group mappings, etc. But 
integrating that might not solve all our issues. So using core-site.xml will 
only solve part of the puzzle.

The best option would be to do the extensible framework on our side and, if 
required, give an implementation for using core-site.xml. 

The two sets of mappings should be acceptable to the users, because one of the 
mappings might not be in Hadoop at all. If we don't support mapping in Ranger, 
then it might be a blocker for some users where they have complex requirements.


> Ranger Usersync - Add Ability to transform user/group names
> -----------------------------------------------------------
>
>                 Key: RANGER-684
>                 URL: https://issues.apache.org/jira/browse/RANGER-684
>             Project: Ranger
>          Issue Type: Improvement
>    Affects Versions: 0.4.0, 0.5.0
>            Reporter: Velmurugan Periasamy
>            Assignee: Sailaja Polavarapu
>            Priority: Critical
>             Fix For: 0.5.1, 0.6.0
>
>
> Ensure the UserSync is capable of transforming user/group names from the LDAP/AD 
> source. Probably by allowing custom mapping (like space to underscore).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
