ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alok Lal (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-684) Ranger Usersync - Add Ability to transform user/group names
Date Thu, 08 Oct 2015 23:02:26 GMT

    [ https://issues.apache.org/jira/browse/RANGER-684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14949570#comment-14949570

Alok Lal commented on RANGER-684:

[~bosco] I was wondering if we could simply reuse the API that every service (namenode, hbase,
hive, yarn, etc) is using for user (which uses auth_to_local mapping of core-site.xml) and
group mapping in usersync.  Usersync could simply be given the core-site.xml location.  We
would have to change what property we use from LDAP for user, from SAMAccountname to principle
name.  Is this not possible in practice for usersync to do?

If we don't or can't do this then admin would have to do two sets of mapping rules and maintain
them.  And there would be issue of ensuring that both mapping yield same username/groupname
values in usersync and in services that invoke auth_to_local from core-site.xml.

> Ranger Usersync - Add Ability to transform user/group names
> -----------------------------------------------------------
>                 Key: RANGER-684
>                 URL: https://issues.apache.org/jira/browse/RANGER-684
>             Project: Ranger
>          Issue Type: Improvement
>    Affects Versions: 0.4.0, 0.5.0
>            Reporter: Velmurugan Periasamy
>            Assignee: Sailaja Polavarapu
>            Priority: Critical
>             Fix For: 0.5.1, 0.6.0
> Ensure the UserSync is capable of transforming user/group names from LDAP/AD source.
Probably by allowing custom mapping ( like space to underscore) 

This message was sent by Atlassian JIRA

View raw message