ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sailaja Polavarapu <spolavar...@hortonworks.com>
Subject Re: Review Request 43433: Ranger-722: StartTLS support for Ranger
Date Thu, 18 Feb 2016 22:44:04 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43433/
-----------------------------------------------------------

(Updated Feb. 18, 2016, 10:44 p.m.)


Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Ramesh
Mani, and Velmurugan Periasamy.


Changes
-------

Rebuilt the patch with the latest master changes in order to resolve conflicts.


Bugs: Ranger-722
    https://issues.apache.org/jira/browse/Ranger-722


Repository: ranger


Description
-------

Added support to use StartTLS for ranger usersync. As part of this support, a new usersync
config property (ranger.usersync.ldap.starttls) is added and is set to false by default. This
property can be added as a custom property for usersync for now.


Diffs (updated)
-----

  ugsync/src/main/java/org/apache/ranger/ldapusersync/process/CustomSSLSocketFactory.java
827b450 
  ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6c3aa74

  ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java e342cae


Diff: https://reviews.apache.org/r/43433/diff/


Testing
-------

1. Tested without starttls option for regression.
2. Tested with StartTLS option enabled against AD & OpenLdap servers. Validated the connection
by capturing traces during usersync LDAP connection.
3. Also performed negative testing by not adding proper certs to validate the server cert
during SSL handshake.


Thanks,

Sailaja Polavarapu


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message