ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alok Lal (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-1211) Improve Ranger Usersync to sync AD/LDAP users and/or groups incrementally.
Date Wed, 28 Dec 2016 22:18:58 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15783833#comment-15783833

Alok Lal commented on RANGER-1211:

[~spolavarapu] Does it make sense to add a provision to for a periodic checkpoint, say, every
few days?  This could mitigate risks of ranger getting out with ldap and help to reason about
and debug any possible mismatches.  If so, then does it might make sense to keep track of
timestamp of last full sync so that can it can be queried.

>  Improve Ranger Usersync to sync AD/LDAP users and/or groups incrementally.
> ---------------------------------------------------------------------------
>                 Key: RANGER-1211
>                 URL: https://issues.apache.org/jira/browse/RANGER-1211
>             Project: Ranger
>          Issue Type: Improvement
>          Components: usersync
>    Affects Versions: 0.6.1, 0.6.2
>            Reporter: Sailaja Polavarapu
>            Assignee: Sailaja Polavarapu
>              Labels: ranger
>             Fix For: 0.7.0
>         Attachments: 0001-RANGER-1211-Support-incremental-Delta-Sync-with-AD-L.patch,
> During every sync cycle, Ranger Usersync performs full LDAP/AD sync and computes the
delta in-memory and updates ranger admin. Since usersync computes the delta (including group
memberships) of all the users that are sync’d in memory for every sync cycle, UserSync can
take a lot of resources on the server it is running on. 
> Enhance usersync to perform full sync only during startup and incremental or delta sync
for the subsequent sync cycles. This way the delta computation of group memberships can be
highly reduced and can increase usersync performance. 

This message was sent by Atlassian JIRA

View raw message