ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pradeep Agrawal (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-691) Ranger Admin shouldn't expect users to be sync'ed for authentication
Date Tue, 31 May 2016 05:57:12 GMT

    [ https://issues.apache.org/jira/browse/RANGER-691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15307252#comment-15307252

Pradeep Agrawal commented on RANGER-691:

Yes, the proposed patch will create the user if authentication from LDAP/AD is successful
and user doesn't exist in Ranger admin. Once user is created at Ranger admin end then user
syncing is not important however user-group mapping will not be available at Ranger admin
end until user-sync is configured.

> Ranger Admin shouldn't expect users to be sync'ed for authentication
> --------------------------------------------------------------------
>                 Key: RANGER-691
>                 URL: https://issues.apache.org/jira/browse/RANGER-691
>             Project: Ranger
>          Issue Type: Improvement
>    Affects Versions: 0.5.1
>            Reporter: Don Bosco Durai
>            Assignee: Pradeep Agrawal
>             Fix For: 0.6.0
>         Attachments: RANGER-691-1.patch
> Currently, if admin user is in in LDAP, but not synchronized, then RangerAdmin will not
allow the user to login.
> I feel, we should allow login and get the groups for the user in real-time from the LDAP.
This way, we are not enforcing all users to be sync'ed. In some cases, it might be possible
only to sync groups because of size or other challenges.

This message was sent by Atlassian JIRA

View raw message