Sailaja Polavarapu created RANGER-4026:
------------------------------------------

             Summary: Provide option to update group memberships when same 
users/groups are synced from different sync sources
                 Key: RANGER-4026
                 URL: https://issues.apache.org/jira/browse/RANGER-4026
             Project: Ranger
          Issue Type: Improvement
          Components: usersync
            Reporter: Sailaja Polavarapu


RANGER-3254 implemented a change in user/group mapping so that sync source is 
taken into account when a group name matches multiple sources. LDAP users 
belonging to a group like "CN=mygroup" will not be synced in Ranger if there is 
an existing "mygroup" that was imported by UnixUserGroupBuilder.

This breaks a very common use case where POSIX users and groups are synced to 
the OS from an LDAP backend using SSSD, Centrify, or similar utilities. In 
those cases, both the Linux OS and LDAP/AD are using the same identity 
repository. If Ranger imported a set of users and groups from one sync source, 
and then later switched to another, group mappings break and users don't get 
all of their groups.

Provide an option for customers to treat users/groups from multiple sync 
sources as the same for updating group memberships.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
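
The behaviour described in the issue, as an added example that is not part of the original message and is not Ranger's code: a simplified model of source-aware group sync next to the requested opt-in merge. The names `sync_memberships`, `treat_sources_as_same`, the source labels and the sample users are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    sync_source: str                      # constructed labels: "Unix", "LDAP/AD"
    members: set = field(default_factory=set)

def short_name(group_id: str) -> str:
    """Map an LDAP-style id such as 'CN=mygroup' to the plain name 'mygroup'."""
    first_rdn = group_id.split(",", 1)[0]
    return first_rdn.split("=", 1)[1] if "=" in first_rdn else first_rdn

def sync_memberships(store, incoming, source, treat_sources_as_same=False):
    """Apply {group_id: [users]} reported by `source` to `store` (name -> Group).

    Returns the names of groups whose memberships were skipped because a
    same-named group is already owned by a different sync source.
    """
    skipped = []
    for group_id, users in incoming.items():
        name = short_name(group_id)
        existing = store.get(name)
        if existing is None:
            store[name] = Group(name, source, set(users))
        elif existing.sync_source == source or treat_sources_as_same:
            existing.members |= set(users)    # memberships are updated
        else:
            skipped.append(name)              # source mismatch: nothing is updated
    return sorted(skipped)

def groups_of(store, user):
    """Groups the modelled store resolves for a user."""
    return sorted(g.name for g in store.values() if user in g.members)

def demo(treat_sources_as_same):
    """Constructed scenario: a Unix sync runs first, then the source changes to LDAP/AD."""
    store = {}
    sync_memberships(store, {"mygroup": ["alice"]}, "Unix")
    ldap_view = {"CN=mygroup": ["alice", "bob"], "CN=analysts": ["bob"]}
    skipped = sync_memberships(store, ldap_view, "LDAP/AD", treat_sources_as_same)
    return skipped, groups_of(store, "bob")

if __name__ == "__main__":
    print(demo(False))   # source-aware only
    print(demo(True))    # sources treated as the same
```

With the flag off, bob never becomes a member of mygroup in the model, so a policy written against that group would not apply to him; the skipped list is what an operator would want surfaced in the sync log.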
