-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45418/
-----------------------------------------------------------
Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay
Kulkarni, Madhan Neethiraj, Ramesh Mani, and Selvamohan Neethiraj.
Bugs: RANGER-898
https://issues.apache.org/jira/browse/RANGER-898
Repository: ranger
Description
-------
**Problem Statement:**
If user's LDAP / AD has uppercase usernames and produce uppercase user Kerberos
principals. When doing the initial user sync into Ranger, the default setting
of "lower" causes all their user names to be saved in lower case, meaning they
don't match the Kerberos principals that LDAP / AD is handing out.
It seems to me the more sensible default for both username and group case
conversion should be "none" and to just use whatever the backend directory
hands out, as-is, to prevent unexpected confusion such as this.
**Proposed Solution:**
Change Ranger's default settings for below given properties :
ldapGroupSync.username.caseConversion = "none"
ldapGroupSync.groupname.caseConversion = "none"
Diffs
-----
migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py
bc06a65
ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties dc6fc59
ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java
a548957
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
e46b469
ugsync/src/test/resources/ranger-ugsync-site.xml 0b2c991
unixauthservice/conf.dist/ranger-ugsync-default.xml 4175986
Diff: https://reviews.apache.org/r/45418/diff/
Testing
-------
Verified Ranger manual installation with above default properties and was able
to sync users and groups from LDAP instance.
Thanks,
Mehul Parikh
