<quote> 4. ranger.usersync.port What is this port for exactly ? [Sailaja]: This is the port where Usersync service listens on. </quote>
Sailaja,

Maybe I am misunderstanding or forgetting something here. I thought usersync makes calls to other services like LDAP, AD and Ranger admin. Other services do not call usersync. Could you confirm which services make calls to this listen port?

Thanks
Dilli

On Wed, Apr 20, 2016 at 1:50 PM, Sailaja Polavarapu <spolavar...@hortonworks.com> wrote:

> Hi Lune,
> Answers inline…
> We have documentation on some of these properties available at:
>
> http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.0/bk_Security_Guide/content/ranger_advanced_usersync_settings.html
>
> Hope this helps.
>
> Thanks,
> Sailaja.
>
> From: Lune Silver <lunescar.ran...@gmail.com>
> Reply-To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org>
> Date: Wednesday, April 20, 2016 at 8:39 AM
> To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org>
> Subject: Informationn about properties of Ranger
>
> Hello !
>
> I contact you because I have some questions related to the following
> properties.
> Hope you can help me.
>
> Here are my questions :
>
> 1. ranger.usersync.passwordvalidator.path
>
> The comment says that this is the path for a native program to validate
> password. But in which situation does ranger validate password ?
> [Sailaja]: In cases where ranger user sync talks to ranger admin, this
> program is called as part of HTTP basic auth filter. These cases include
> Usersync getting users & groups from ranger admin during initial startup,
> updating Ranger admin with the sync’d users and/or group information, etc…
> Default value for this property is "./native/credValidator.uexe" which as
> you said is a native program to validate password.
>
> 2. ranger.usersync.policymanager.maxrecordsperapicall
>
> The help says that this is the maximum records returned by api call, but
> in which context ? Is it when a user uses the Ranger API to get the
> policies implemented in Ranger ?
> [Sailaja]: Ranger Usersync gets all the users & groups from Ranger admin
> (stored in Ranger DB) during initial start up. Since these records can be
> many, Usersync retrieves these values in paged manner. The value from this
> (ranger.usersync.policymanager.maxrecordsperapicall) property is sent as
> the query parameter along with the start index (which is the no. of records
> retrieved till now) as part of the GET request.
>
> 3. ranger.usersync.policymanager.mockrun
>
> If set to true, when does usersync perform mockrun ?
> [Sailaja]: This value is used mainly for testing to check if the users &
> groups are retrieved as desired for a given sync source. When this property
> is set to “true”, then Usersync won’t update the sync results to ranger
> admin. This is mainly used in test deployments to tweak the LDAP or AD
> config until the desired results are achieved. After setting this property,
> Usersync needs to be restarted in order for the changes to be effective.
>
> 4. ranger.usersync.port
>
> What is this port for exactly ?
> [Sailaja]: This is the port where Usersync service listens on.
>
> 5. ranger.usersync.sleeptimeinmillisbetweensynccycl
>
> What is a cycle in usersync ? Is it just a synchronization ? Or is it more
> precise ?
> [Sailaja]: This property is used for periodic sync of users & groups from
> the configured Sync source.
>
> 6. ranger.usersync.source.impl.class
>
> What is this class for ?
> [Sailaja]: This is the class that will be invoked for a given Sync source.
> We currently support UNIX, FILE, or LDAP as sync sources. Sync source to
> class file mapping is as follows:
> Sync source as FILE: org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder
> Sync source as UNIX: org.apache.ranger.unixusersync.process.UnixUserGroupBuilder
> Sync source as LDAP: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
>
> 7. ranger.usersync.truststore.password
>
> Just for a confirmation, is it the password used to access the truststore
> file ?
> [Sailaja]: Yes
>
> 8. ranger.usersync.unix.minUserId
>
> Is there a similar property for ldap ? Or is it only for unix ?
> [Sailaja]: This is only for Unix mainly to avoid system users to be sync’d
> to ranger.
>
> Thank you in advance for your answers !
>
> Best regards.
>
> Lune.