----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/48022/#review135903 -----------------------------------------------------------
Ship it! Ship It! - Velmurugan Periasamy On May 30, 2016, 4:33 a.m., Pradeep Agrawal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/48022/ > ----------------------------------------------------------- > > (Updated May 30, 2016, 4:33 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, > and Velmurugan Periasamy. > > > Bugs: RANGER-691 > https://issues.apache.org/jira/browse/RANGER-691 > > > Repository: ranger > > > Description > ------- > > **Problem Statement:** > if external user is authenticated, but not synchronized, then RangerAdmin > does not allow the user to login. > > **Proposed Solution:** > Proposed solution shall create authenticated user as external user if user is > not available in Ranger admin. > This implementation is similar to user creation process implemented for > authorized kerberized user. > > Note : Proposed solution will not sync groups of authenticated user from > various authentication method (i.e LDAP/AD/UNIX) > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 96f2ee3 > > security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java > bf16a57 > > Diff: https://reviews.apache.org/r/48022/diff/ > > > Testing > ------- > > **Steps performed:** > *Case-1 : LDAP/AD user Authnetication* > > 1. Provided LDAP server configuration in ranger-admin-site.xml file and > restarted Ranger admin, > 2. Stopped Ranger usersync to stop adding new Ldap users. > 3. Created a user 'ldapuser1' in Ldap server. > 4. Tried to log in from LDAP user 'ldapuser1'. > > **Expected Behavior:** > Though 'ldapuser1' is not created yet in Ranger admin, if 'ldapuser1' is > authenticated from ldap server then 'ldapuser1' should get created and page > should be redirected to Ranger dashboard page for 'ldapuser1'. > > **Actual Behavior:** > 'ldapuser1' Login was successful and was able to see dashboard page of Ranger. > > *Case-2 : UNIX user Authnetication* > 1. Provided 'UNIX' value in 'ranger.authentication.method' property of > ranger-admin-site.xml file and restarted Ranger admin. > 2. Stopped Ranger usersync; in install.properties file provided > 'SYNC_SOURCE=unix' and 'SYNC_INTERVAL=10', started Ranger usersync. > 3. Added a OS user 'unixuser1'. > 4. Tried to log in from UNIX user 'unixuser1'. > > **Expected Behavior:** > Though 'unixuser1' is not created yet in Ranger admin, if 'unixuser1' is > authenticated from unix server then 'unixuser1' should get created and page > should be redirected to Ranger dashboard page for 'unixuser1'. > > **Actual Behavior:** > 'unixuser1' Login was successful and was able to see dashboard page of Ranger. > > > Thanks, > > Pradeep Agrawal > >
