ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sailaja Polavarapu <spolavar...@hortonworks.com>
Subject Re: Review Request 43433: Ranger-722: StartTLS support for Ranger
Date Thu, 18 Feb 2016 22:44:04 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated Feb. 18, 2016, 10:44 p.m.)

Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Ramesh
Mani, and Velmurugan Periasamy.


Rebuilt the patch with the latest master changes in order to resolve conflicts.

Bugs: Ranger-722

Repository: ranger


Added support to use StartTLS for ranger usersync. As part of this support, a new usersync
config property (ranger.usersync.ldap.starttls) is added and is set to false by default. This
property can be added as a custom property for usersync for now.

Diffs (updated)

  ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6c3aa74

  ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java e342cae

Diff: https://reviews.apache.org/r/43433/diff/


1. Tested without starttls option for regression.
2. Tested with StartTLS option enabled against AD & OpenLdap servers. Validated the connection
by capturing traces during usersync LDAP connection.
3. Also performed negative testing by not adding proper certs to validate the server cert
during SSL handshake.


Sailaja Polavarapu

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message