Thanks Selva, Sailaja for the information.
Hoping the additional information helps the community.

Dilli

On Wed, Apr 20, 2016 at 2:50 PM, Sailaja Polavarapu <spolavar...@hortonworks.com> wrote:

> Hi Dilli,
> You are right. I should have been more specific. This port is for
> UnixAuthenticationService which invokes the password validator program.
>
> - Sailaja.
>
> From: Dilli Dorai <dilli.do...@gmail.com>
> Reply-To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org>
> Date: Wednesday, April 20, 2016 at 2:25 PM
> To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org>
> Subject: Re: Informationn about properties of Ranger
>
> <quote>
> 4. ranger.usersync.port
>
> What is this port for exactly ?
> [Sailaja]: This is the port where Usersync service listens on.
> </quote>
>
> Sailaja,
> Maybe I am misunderstanding or forgetting something here.
>
> I thought
> usersync makes calls to other services like LDAP, AD and Ranger admin.
> Other services do not call usersync.
>
> Could you confirm which services make calls to this listen port?
> Thanks
> Dilli
>
>
> On Wed, Apr 20, 2016 at 1:50 PM, Sailaja Polavarapu <spolavar...@hortonworks.com> wrote:
>
>> Hi Lune,
>> Answers inline…
>> We have documentation on some of these properties available at:
>>
>> http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.0/bk_Security_Guide/content/ranger_advanced_usersync_settings.html
>>
>> Hope this helps.
>>
>> Thanks,
>> Sailaja.
>>
>> From: Lune Silver <lunescar.ran...@gmail.com>
>> Reply-To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org>
>> Date: Wednesday, April 20, 2016 at 8:39 AM
>> To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org>
>> Subject: Informationn about properties of Ranger
>>
>> Hello !
>>
>> I contact you because I have some questions related to the following
>> properties.
>> Hope you can help me.
>>
>> Here are my questions :
>>
>> 1. ranger.usersync.passwordvalidator.path
>>
>> The comment says that this is the path for a native program to validate
>> password. But in which situation does ranger validate password ?
>> [Sailaja]: In cases where ranger user sync talks to ranger admin, this
>> program is called as part of HTTP basic auth filter. These cases include
>> Usersync getting users & groups from ranger admin during initial startup,
>> updating Ranger admin with the sync'd users and/or group information, etc…
>> Default value for this property is "./native/credValidator.uexe" which as
>> you said is a native program to validate password.
>>
>> 2. ranger.usersync.policymanager.maxrecordsperapicall
>>
>> The help says that this is the maximum records returned by api call, but
>> in which context ? Is it when a user uses the Ranger API to get the
>> policies implemented in Ranger ?
>> [Sailaja]: Ranger Usersync gets all the users & groups from Ranger admin
>> (stored in Ranger DB) during initial start up. Since these records can be
>> many, Usersync retrieves these values in paged manner. The value from this
>> (ranger.usersync.policymanager.maxrecordsperapicall) property is sent as
>> the query parameter along with the start index (which is the no. of records
>> retrieved till now) as part of the GET request.
>>
>>
>> 3. ranger.usersync.policymanager.mockrun
>>
>> If set to true, when does usersync perform mockrun ?
>> [Sailaja]: This value is used mainly for testing to check if the users &
>> groups are retrieved as desired for a given sync source. When this property
>> is set to "true", then Usersync won't update the sync results to ranger
>> admin. This is mainly used in test deployments to tweak the LDAP or AD
>> config until the desired results are achieved. After setting this property,
>> Usersync needs to be restarted in order for the changes to be effective.
>>
>> 4. ranger.usersync.port
>>
>> What is this port for exactly ?
>> [Sailaja]: This is the port where Usersync service listens on.
>>
>> 5. ranger.usersync.sleeptimeinmillisbetweensynccycl
>>
>> What is a cycle in usersync ? Is it just a synchronization ? Or is it
>> more precise ?
>> [Sailaja]: This property is used for periodic sync of users & groups from
>> the configured Sync source.
>>
>> 6. ranger.usersync.source.impl.class
>>
>> What is this class for ?
>> [Sailaja]: This is the class that will be invoked for a given Sync
>> source. We currently support UNIX, FILE, or LDAP as sync sources. Sync
>> source to class file mapping is as follows:
>> Sync source as FILE: org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder
>> Sync source as UNIX: org.apache.ranger.unixusersync.process.UnixUserGroupBuilder
>> Sync source as LDAP: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
>>
>>
>> 7. ranger.usersync.truststore.password
>>
>> Just for a confirmation, is it the password used to access the truststore
>> file ?
>> [Sailaja]: Yes
>>
>> 8. ranger.usersync.unix.minUserId
>>
>> Is there a similar property for ldap ? Or is it only for unix ?
>> [Sailaja]: This is only for Unix mainly to avoid system users to be
>> sync'd to ranger.
>>
>>
>> Thank you in advance for your answers !
>>
>> Best regards.
>>
>> Lune.
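
The paged retrieval described in the answer to question 2 (ranger.usersync.policymanager.maxrecordsperapicall), as an added example that is not part of the original thread and is not Ranger's own code. The names `fake_admin_get` and `fetch_all`, the `totalCount`/`items` response fields and the sample user names are assumptions made for illustration; only the page-size-plus-start-index scheme comes from the thread.

```python
"""Added illustration of paged retrieval: each request carries the page size
and a start index equal to the number of records retrieved so far.
The server side is a constructed in-memory stand-in, not Ranger admin."""

# Constructed sample data standing in for users stored in the Ranger DB.
SAMPLE_USERS = [f"user{i:03d}" for i in range(1, 24)]  # 23 records


def fake_admin_get(start_index, page_size, records=SAMPLE_USERS):
    """Hypothetical stand-in for one GET request: returns a slice and the total."""
    if start_index < 0 or page_size <= 0:
        raise ValueError("start index must be >= 0 and page size > 0")
    return {"totalCount": len(records),
            "items": records[start_index:start_index + page_size]}


def fetch_all(get_page, max_records_per_call):
    """Pull every record, sending (start index, page size) on each call.

    Returns (records, number_of_calls).
    """
    retrieved, calls = [], 0
    while True:
        # Start index = number of records retrieved till now.
        page = get_page(len(retrieved), max_records_per_call)
        calls += 1
        items = page["items"]
        retrieved.extend(items)
        # Stop once the reported total has been collected, or on an empty
        # page so that a stale or wrong total cannot cause an endless loop.
        if not items or len(retrieved) >= page["totalCount"]:
            return retrieved, calls


if __name__ == "__main__":
    users, calls = fetch_all(fake_admin_get, 10)
    print(f"{len(users)} users in {calls} calls")
```

With a page size of 10 the 23 constructed records arrive in three requests (start indexes 0, 10 and 20); a larger page size trades fewer round trips for bigger responses.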