We currently have a username/groupname transformation feature implemented for
LDAP sync (https://issues.apache.org/jira/browse/RANGER-684). Maybe we can make
similar changes for File source sync or move the name transformation logic to
a common location for all sync sources.

A few things to consider when we implement name transformation logic for File
source -
1. For non-JSON files, provide a delimiter that is not part of the
transformation logic in order to distinguish between usernames & groupnames
while reading from the input file.
2. Apply the same transformation logic while sending any authorization requests
to Ranger with username and/or groupname
3. Apply the same transformation logic if using other services like Solr, Kafka,
etc…

Thanks,
Sailaja.




On 5/4/16, 2:03 PM, "Bryan Bende" <[email protected]> wrote:

>I don't think this one has a server side fix...
>
>We can fix the user sync to remove email validation (RANGER-968), and we
>can change the UI to allow DNs on user creation (RANGER-967)...
>
>But in either case, we can't create a policy through the UI when the
>username is a DN. The REST API may work, but there has to be something user
>facing.
>
>Do you view this as another JIRA? or maybe I'm trying to force something
>that wasn't intended to work?
>
>
>On Wed, May 4, 2016 at 4:03 PM, Don Bosco Durai <[email protected]> wrote:
>
>> Gautam might be the right person to answer UI related questions.
>>
>> If server side fix will unblock you, then I will suggest that you should
>> fix it for the time being. We can ask Gautam to look into the UI side.
>>
>>
>>
>> Thanks
>>
>> Bosco
>>
>>
>> On 5/4/16, 12:02 PM, "Bryan Bende" <[email protected]> wrote:
>>
>> >All,
>> >
>> >I started looking at this ticket because I initially thought it would be
>> >straightforward...
>> >
>> >In UserForm.js I changed the regex validator from [a-z0-9][a-z0-9,._\-'+/@]
>> >to [a-z0-9][a-z0-9,._\-'+/@= ] which allowed "=" and spaces. That allowed
>> >me to enter a DN as a user name.
>> >
>> >The next issue is that when creating a policy for that user, the value of
>> >the users field is split on commas, so a single DN with commas ends up being
>> >submitted as several users that don't exist, and prevent the policy from
>> >being created.
>> >
>> >This happens in RangerPolicyForm.js with this code:
>> >
>> >if(!_.isUndefined(m.get('userName')) && !_.isNull(m.get('userName'))){
>> > policyItem.set("users",m.get("userName").split(','));
>> >}
>> >
>> >I have a feeling this can't easily be changed because it is how multiple
>> >selected users are being stored behind the scenes.
>> >
>> >Does anyone have any thoughts on what else would need to be changed to
>> >allow a username with commas in it?
>> >
>> >Thanks,
>> >
>> >Bryan
>> >
>> >
>> >On Wed, May 4, 2016 at 1:07 PM, Bryan Bende (JIRA) <[email protected]> wrote:
>> >
>> >>
>> >>      [ https://issues.apache.org/jira/browse/RANGER-967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>> >>
>> >> Bryan Bende updated RANGER-967:
>> >> -------------------------------
>> >>     Fix Version/s: 0.6.0
>> >>
>> >> > Allow additional characters in username
>> >> > ---------------------------------------
>> >> >
>> >> >                 Key: RANGER-967
>> >> >                 URL: https://issues.apache.org/jira/browse/RANGER-967
>> >> >             Project: Ranger
>> >> >          Issue Type: Improvement
>> >> >            Reporter: Bryan Bende
>> >> >            Assignee: Bryan Bende
>> >> >            Priority: Minor
>> >> >             Fix For: 0.6.0
>> >> >
>> >> >
>> >> > Currently the Username field on the Create User form in the UI performs validation that restricts the value to:
>> >> > [a-z0-9][a-z0-9,._\-'+/@]+
>> >> > I'd like to be able to add a DN as a username such as:
>> >> > CN=localhost, OU=My Org, O=Apache, L=Santa Monica, ST=CA, C=US
>> >> > I believe this would require adding "=" and spaces as valid characters.
>> >>
>> >>
>> >>
>> >> --
>> >> This message was sent by Atlassian JIRA
>> >> (v6.3.4#6332)
>> >>
>>
>>
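
The comma-splitting problem discussed in this thread, as an added example that is not part of the original messages and is not Ranger code: it runs the DN from RANGER-967 through both validators and through a comma split, then through a delimiter-safe encoding. The helper names, the `^...$` anchors, the `+` on the new pattern, the `i` flag, the JSON encoding and the sample user set are assumptions of the example.

```javascript
// Validators quoted in the thread. The ^...$ anchors, the trailing "+"
// on the new pattern and the "i" flag are assumptions of this example.
const OLD_NAME_RE = /^[a-z0-9][a-z0-9,._\-'+\/@]+$/i;
const NEW_NAME_RE = /^[a-z0-9][a-z0-9,._\-'+\/@= ]+$/i;

// Constructed sample data: the DN from RANGER-967 plus one plain name.
const DN = 'CN=localhost, OU=My Org, O=Apache, L=Santa Monica, ST=CA, C=US';
const KNOWN_USERS = new Set([DN, 'alice']);

// Same shape as the snippet in the thread: one string, split on commas.
function splitOnComma(userName) {
  return userName.split(',');
}

// Delimiter-safe alternative (hypothetical): serialize the selection as
// a JSON array so no character inside a name acts as a separator.
function encodeUsers(users) {
  return JSON.stringify(users);
}

function decodeUsers(encoded) {
  const users = JSON.parse(encoded);
  if (!Array.isArray(users) || !users.every((u) => typeof u === 'string')) {
    throw new TypeError('expected a JSON array of strings');
  }
  return users;
}

// Names in a policy item that match no known user.
function unknownUsers(users) {
  return users.filter((u) => !KNOWN_USERS.has(u));
}

const viaSplit = splitOnComma([DN, 'alice'].join(','));
const viaJson = decodeUsers(encodeUsers([DN, 'alice']));
console.log('old/new validator accepts DN:',
  OLD_NAME_RE.test(DN), NEW_NAME_RE.test(DN));
console.log('comma split:', viaSplit.length, 'names, unknown:',
  unknownUsers(viaSplit));
console.log('JSON array:', viaJson.length, 'names, unknown:',
  unknownUsers(viaJson));
```

Widening the validator only moves the failure: the DN is accepted as a name, but any later step that treats a comma as a separator turns it into fragments that match no user.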
