----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/43433/#review119917 -----------------------------------------------------------
Ship it! Ship It! - Velmurugan Periasamy On Feb. 18, 2016, 10:44 p.m., Sailaja Polavarapu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/43433/ > ----------------------------------------------------------- > > (Updated Feb. 18, 2016, 10:44 p.m.) > > > Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan > Neethiraj, Ramesh Mani, and Velmurugan Periasamy. > > > Bugs: Ranger-722 > https://issues.apache.org/jira/browse/Ranger-722 > > > Repository: ranger > > > Description > ------- > > Added support to use StartTLS for ranger usersync. As part of this support, a > new usersync config property (ranger.usersync.ldap.starttls) is added and is > set to false by default. This property can be added as a custom property for > usersync for now. > > > Diffs > ----- > > > ugsync/src/main/java/org/apache/ranger/ldapusersync/process/CustomSSLSocketFactory.java > 827b450 > > ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java > 6c3aa74 > > ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java > e342cae > > Diff: https://reviews.apache.org/r/43433/diff/ > > > Testing > ------- > > 1. Tested without starttls option for regression. > 2. Tested with StartTLS option enabled against AD & OpenLdap servers. > Validated the connection by capturing traces during usersync LDAP connection. > 3. Also performed negative testing by not adding proper certs to validate the > server cert during SSL handshake. > > > Thanks, > > Sailaja Polavarapu > >
