[
https://issues.apache.org/jira/browse/RANGER-4755?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierrick FLORECK updated RANGER-4755:
-------------------------------------
Attachment: usersyncError.log
> [RangeruserSync] Removes users/groups in case of punctual issue to retrieve
> users/groups
> ----------------------------------------------------------------------------------------
>
> Key: RANGER-4755
> URL: https://issues.apache.org/jira/browse/RANGER-4755
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.2.0
> Reporter: Pierrick FLORECK
> Priority: Major
> Attachments: usersyncError.log
>
>
> Hi team,
> We have encountered an issue on Ranger usersync with LDAP synchronization.
> (We use a VIP for LDAP search and the SSL certificate of one node has been
> changed without updating it in the Ranger truststore.)
> The user search to retrieve users from LDAP failed (SSLHandshakeException)
> but the sync cycle continues, assuming there are no retrieved users instead of
> failing for this cycle.
> As we were on the delete cycle, accounts are considered deleted in Ranger and
> we have Access Denied for all Ranger requests.
> We corrected our incident by updating our certificates but usersync's
> behavior remains dangerous.
> Could it be possible to update LdapUserGroupBuilder.java to fail the current
> sync cycle if the user or group LDAP search fails?
> Thanks for your help,
> Best Regards
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
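
The failure mode reported above, reduced to a self-contained Java model. This is an added example, not Ranger's code: `DirectorySource`, `CycleResult` and both `run...` methods are hypothetical names, and the account names are constructed. It puts a delete cycle that treats a failed search as an empty result next to one that aborts the cycle and deletes nothing.

```java
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLHandshakeException;

public class SyncCycleGuard {
    /** Hypothetical stand-in for the LDAP user search; throws when the search fails. */
    interface DirectorySource { Set<String> searchUsers() throws Exception; }

    /** Result of one delete cycle (records need Java 16+). */
    record CycleResult(boolean aborted, Set<String> deleted, String reason) {}

    /** Accounts known locally but absent from the directory result. */
    static Set<String> missing(Set<String> known, Set<String> found) {
        Set<String> gone = new TreeSet<>(known);
        gone.removeAll(found);
        return gone;
    }

    /** Behaviour described in the report: a failed search is treated as "no users". */
    static CycleResult runFailOpen(DirectorySource src, Set<String> known) {
        Set<String> found;
        try { found = src.searchUsers(); }
        catch (Exception e) { found = Set.of(); }   // failure becomes an empty result
        return new CycleResult(false, missing(known, found), "");
    }

    /** Requested behaviour: a failed search fails the cycle, so nothing is deleted. */
    static CycleResult runFailClosed(DirectorySource src, Set<String> known) {
        Set<String> found;
        try { found = src.searchUsers(); }
        catch (Exception e) {
            return new CycleResult(true, Set.of(), "search failed: " + e.getMessage());
        }
        return new CycleResult(false, missing(known, found), "");
    }

    public static void main(String[] args) {
        Set<String> known = Set.of("alice", "bob", "carol");   // constructed accounts
        DirectorySource broken = () -> {                        // constructed TLS failure
            throw new SSLHandshakeException("certificate not in truststore");
        };
        DirectorySource healthy = () -> Set.of("alice", "carol");

        System.out.println("fail-open, broken:    " + runFailOpen(broken, known));
        System.out.println("fail-closed, broken:  " + runFailClosed(broken, known));
        System.out.println("fail-closed, healthy: " + runFailClosed(healthy, known));
    }
}
```

The distinction the model relies on is that "the search returned zero entries" and "the search did not complete" are different outcomes, and only the first is evidence that an account no longer exists.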