Re: Review Request 45418: RANGER-898 : Change Ranger's default value for LDAP User / Group Sync Case Conversion properties to "none"

Fri, 01 Apr 2016 23:15:06 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45418/#review126682
-----------------------------------------------------------


Ship it!




Ship It!

- Madhan Neethiraj


On March 29, 2016, 9:23 a.m., Mehul Parikh wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45418/
> -----------------------------------------------------------
> 
> (Updated March 29, 2016, 9:23 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Ramesh Mani, and Selvamohan Neethiraj.
> 
> 
> Bugs: RANGER-898
>     https://issues.apache.org/jira/browse/RANGER-898
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement:** 
> If user's LDAP / AD has uppercase usernames and produce uppercase user 
> Kerberos principals. When doing the initial user sync into Ranger, the 
> default setting of "lower" causes all their user names to be saved in lower 
> case, meaning they don't match the Kerberos principals that LDAP / AD is 
> handing out. 
> It seems to me the more sensible default for both username and group case 
> conversion should be "none" and to just use whatever the backend directory 
> hands out, as-is, to prevent unexpected confusion such as this.
> 
> **Proposed Solution:**
> Change Ranger's default settings for below given properties :
> ldapGroupSync.username.caseConversion = "none" 
> ldapGroupSync.groupname.caseConversion = "none"
> 
> 
> Diffs
> -----
> 
>   migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py 
> bc06a65 
>   ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties dc6fc59 
>   
> ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java
>  a548957 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
>  e46b469 
>   ugsync/src/test/resources/ranger-ugsync-site.xml 0b2c991 
>   unixauthservice/conf.dist/ranger-ugsync-default.xml 4175986 
> 
> Diff: https://reviews.apache.org/r/45418/diff/
> 
> 
> Testing
> -------
> 
> Verified Ranger manual installation with above default properties and was 
> able to sync users and groups from LDAP instance.
> 
> 
> Thanks,
> 
> Mehul Parikh
> 
>

Reply via email to