[
https://issues.apache.org/jira/browse/RANGER-691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15307252#comment-15307252
]
Pradeep Agrawal commented on RANGER-691:
----------------------------------------
Yes, the proposed patch will create the user if authentication from LDAP/AD is
successful and user doesn't exist in Ranger admin. Once user is created at
Ranger admin end then user syncing is not important however user-group mapping
will not be available at Ranger admin end until user-sync is configured.
> Ranger Admin shouldn't expect users to be sync'ed for authentication
> --------------------------------------------------------------------
>
> Key: RANGER-691
> URL: https://issues.apache.org/jira/browse/RANGER-691
> Project: Ranger
> Issue Type: Improvement
> Affects Versions: 0.5.1
> Reporter: Don Bosco Durai
> Assignee: Pradeep Agrawal
> Fix For: 0.6.0
>
> Attachments: RANGER-691-1.patch
>
>
> Currently, if admin user is in in LDAP, but not synchronized, then
> RangerAdmin will not allow the user to login.
> I feel, we should allow login and get the groups for the user in real-time
> from the LDAP. This way, we are not enforcing all users to be sync'ed. In
> some cases, it might be possible only to sync groups because of size or other
> challenges.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
