ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sailaja Polavarapu <spolavar...@hortonworks.com>
Subject Re: Review Request 44833: Ranger-869: Group Based search support for ranger usersync
Date Thu, 31 Mar 2016 21:11:33 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44833/
-----------------------------------------------------------

(Updated March 31, 2016, 9:11 p.m.)


Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Ramesh
Mani, and Velmurugan Periasamy.


Changes
-------

Incorporated review feedback


Bugs: Ranger-869
    https://issues.apache.org/jira/browse/Ranger-869


Repository: ranger


Description
-------

Implemented support for Group based search for Ranger Usersync module. This is enabled by
adding a custom usersync property "ranger.usersync.group.search.first.enabled" with value
"true". This feature is introduced to support some use cases like retrieving the groups that
don’t contain any users, retrieving users based on the member attribute in the group (instead
of memberof attribute) for some openldap deployments, retrieving all the users based on the
group filter, etc...


Diffs (updated)
-----

  ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 670d8c5

  ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java e7b00ca

  ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
67379d5 
  ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 0443185 
  ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java 8d75e10 
  ugsync/src/test/java/org/apache/ranger/usergroupsync/PolicyMgrUserGroupBuilderTest.java
e106e9c 
  ugsync/src/test/resources/ADSchema.ldif 9d5a4c2 
  ugsync/src/test/resources/ranger-ugsync-site.xml 9ae522b 

Diff: https://reviews.apache.org/r/44833/diff/


Testing
-------

1. Added some unit tests for group based search to cover some of the above test cases
2. Tested end-to-end functionality with AD and OpenLdap servers
3. Also ran few performance tests with max 5000 groups and 1000 users against AD during usersync
startup


Thanks,

Sailaja Polavarapu


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message