ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Don Bosco Durai (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-684) Ranger Usersync - Add Ability to transform user/group names
Date Thu, 08 Oct 2015 23:19:27 GMT

    [ https://issues.apache.org/jira/browse/RANGER-684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14949591#comment-14949591

Don Bosco Durai commented on RANGER-684:

Unfortunately users and group mappings are not very well standardized. auth_to_local is mostly
used to map Kerberos principal to linux users. While Hadoop prefers users and groups materialized
on each box, group mapping generally comes from OS. So you need tools like SSSD, Centrify,
etc to do that. Hadoop has extensible classes and also LDAP group mappings, etc. But integrating
that might not solve all our issues. So using core-site.xml will only solve part of the puzzle.

The best option would be to do the extendible framework on our side and if required give an
implementation for use core-site.xml. 

The two sets of mapping should be acceptable to the users, because one of the mapping might
not be in Hadoop at all. If we don't support mapping in Ranger, then it might be a blocker
for some users where they have complex requirements.

> Ranger Usersync - Add Ability to transform user/group names
> -----------------------------------------------------------
>                 Key: RANGER-684
>                 URL: https://issues.apache.org/jira/browse/RANGER-684
>             Project: Ranger
>          Issue Type: Improvement
>    Affects Versions: 0.4.0, 0.5.0
>            Reporter: Velmurugan Periasamy
>            Assignee: Sailaja Polavarapu
>            Priority: Critical
>             Fix For: 0.5.1, 0.6.0
> Ensure the UserSync is capable of transforming user/group names from LDAP/AD source.
Probably by allowing custom mapping ( like space to underscore) 

This message was sent by Atlassian JIRA

View raw message