ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rob Vesse (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-1615) LdapUserGroupBuilder and LdapDeltaUserGroupBuilder build LDAP group filter inconsistently
Date Thu, 25 May 2017 09:43:04 GMT
Rob Vesse created RANGER-1615:
---------------------------------

             Summary: LdapUserGroupBuilder and LdapDeltaUserGroupBuilder build LDAP group
filter inconsistently
                 Key: RANGER-1615
                 URL: https://issues.apache.org/jira/browse/RANGER-1615
             Project: Ranger
          Issue Type: Bug
          Components: usersync
    Affects Versions: master
            Reporter: Rob Vesse


The {{LdapDeltaUserGroupBuilder}} constructs the LDAP filter in a way that is inconsistent
with {{LdapUserGroupBuilder}} and generates a potentially invalid filter:

{noformat}
extendedGroupSearchFilter =  "(&"  + extendedGroupSearchFilter + "(|(" + groupMemberAttributeName
+ "={0})(" + groupMemberAttributeName + "={1})))";
{noformat}

Resulting in the following in the logs:

{noformat}
25 May 2017 04:23:11  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder
initialization completed with --   groupSearchEnabled: true,  groupSearchBase: [dc=local],
 groupSearchScope: 2,  groupObjectClass: posixGroup,  groupSearchFilter: ,  extendedGroupSearchFilter:
(&null(|(memberUid={0})(memberUid={1}))),  extendedAllGroupsSearchFilter: null,  groupMemberAttributeName:
memberUid,  groupNameAttribute: cn, groupSearchAttributes: [uSNChanged, memberUid, cn, modifytimestamp],
 groupUserMapSyncEnabled: false, groupSearchFirstEnabled: false, userSearchEnabled: false,
 ldapReferral: ignore
{noformat}

NB - Various bits of the log line deleted for security purposes

Note the {{&null}} present in the filter



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message