[
https://issues.apache.org/jira/browse/RANGER-1211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15783833#comment-15783833
]
Alok Lal commented on RANGER-1211:
----------------------------------
[~spolavarapu] Does it make sense to add a provision to for a periodic
checkpoint, say, every few days? This could mitigate risks of ranger getting
out with ldap and help to reason about and debug any possible mismatches. If
so, then does it might make sense to keep track of timestamp of last full sync
so that can it can be queried.
> Improve Ranger Usersync to sync AD/LDAP users and/or groups incrementally.
> ---------------------------------------------------------------------------
>
> Key: RANGER-1211
> URL: https://issues.apache.org/jira/browse/RANGER-1211
> Project: Ranger
> Issue Type: Improvement
> Components: usersync
> Affects Versions: 0.6.1, 0.6.2
> Reporter: Sailaja Polavarapu
> Assignee: Sailaja Polavarapu
> Labels: ranger
> Fix For: 0.7.0
>
> Attachments:
> 0001-RANGER-1211-Support-incremental-Delta-Sync-with-AD-L.patch,
> DeltaSyncsupportforRangerUsersync.docx
>
>
> During every sync cycle, Ranger Usersync performs full LDAP/AD sync and
> computes the delta in-memory and updates ranger admin. Since usersync
> computes the delta (including group memberships) of all the users that are
> sync’d in memory for every sync cycle, UserSync can take a lot of resources
> on the server it is running on.
> Enhance usersync to perform full sync only during startup and incremental or
> delta sync for the subsequent sync cycles. This way the delta computation of
> group memberships can be highly reduced and can increase usersync
> performance.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
