Review Request 48022: RANGER-691 : Ranger Admin shouldn't expect users to be sync'ed for authentication

Sun, 29 May 2016 21:34:47 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48022/
-----------------------------------------------------------

Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
and Velmurugan Periasamy.


Bugs: RANGER-691
    https://issues.apache.org/jira/browse/RANGER-691


Repository: ranger


Description
-------

**Problem Statement:**
if external user is authenticated, but not synchronized, then RangerAdmin does 
not allow the user to login.

**Proposed Solution:**
Proposed solution shall create authenticated user as external user if user is 
not available in Ranger admin.
This implementation is similar to user creation process implemented for 
authorized kerberized user.

Note : Proposed solution will not sync groups of authenticated user from 
various authentication method (i.e LDAP/AD/UNIX)


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 96f2ee3 
  
security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java
 bf16a57 

Diff: https://reviews.apache.org/r/48022/diff/


Testing
-------

**Steps performed:**
*Case-1 : LDAP/AD user Authnetication*

1. Provided LDAP server configuration in ranger-admin-site.xml file and 
restarted Ranger admin, 
2. Stopped Ranger usersync to stop adding new Ldap users.
3. Created a user 'ldapuser1' in Ldap server.
4. Tried to log in from LDAP user 'ldapuser1'.

**Expected Behavior:**
Though 'ldapuser1' is not created yet in Ranger admin, if 'ldapuser1' is 
authenticated from ldap server then 'ldapuser1' should get created and page 
should be redirected to Ranger dashboard page for 'ldapuser1'.

**Actual Behavior:**
'ldapuser1' Login was successful and was able to see dashboard page of Ranger.

*Case-2 : UNIX user Authnetication*
1. Provided 'UNIX' value in 'ranger.authentication.method' property of 
ranger-admin-site.xml file and restarted Ranger admin.
2. Stopped Ranger usersync; in install.properties file provided 
'SYNC_SOURCE=unix' and 'SYNC_INTERVAL=10', started Ranger usersync.
3. Added a OS user 'unixuser1'.
4. Tried to log in from UNIX user 'unixuser1'.

**Expected Behavior:**
Though 'unixuser1' is not created yet in Ranger admin, if 'unixuser1' is 
authenticated from unix server then 'unixuser1' should get created and page 
should be redirected to Ranger dashboard page for 'unixuser1'.

**Actual Behavior:**
'unixuser1' Login was successful and was able to see dashboard page of Ranger.


Thanks,

Pradeep Agrawal

Reply via email to