[
https://issues.apache.org/jira/browse/ATLAS-4831?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17944454#comment-17944454
]
Ruslan edited comment on ATLAS-4831 at 4/14/25 8:19 PM:
--------------------------------------------------------
Problem using Active Directory groups from Atlas in Ranger due to converting
groups to uppercase and adding ROLE_ prefix.
We make hardcore fix:
[https://github.com/RusbNoit/atlas/commit/d1c3ca83a69d88888475c81c55b9d6ec1ebf313c]
Also there is no way to search for groups in the OI in the tree.
You can add defaultLdapAuthoritiesPopulator.setSearchSubtree(true);
Base class of methods:
[spring-security/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
at main · spring-projects/spring-security ·
GitHub|https://github.com/spring-projects/spring-security/blob/main/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java]
After this patch you can grant privileges for groups in ranger
was (Author: JIRAUSER302483):
Problem using Active Directory groups from Atlas in Ranger due to converting
groups to uppercase and adding ROLE_ prefix.
We make hardcore fix:
[https://github.com/RusbNoit/atlas/commit/d1c3ca83a69d88888475c81c55b9d6ec1ebf313c]
Also there is no way to search for groups in the OI in the tree.
You can add defaultLdapAuthoritiesPopulator.setSearchSubtree(true);
Base class of methods:
[spring-security/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java
at main · spring-projects/spring-security ·
GitHub|https://github.com/spring-projects/spring-security/blob/main/ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java]
> Issue is with AD Group Sync in Atlas
> ------------------------------------
>
> Key: ATLAS-4831
> URL: https://issues.apache.org/jira/browse/ATLAS-4831
> Project: Atlas
> Issue Type: Bug
> Reporter: Jagadesh Kiran N
> Priority: Blocker
>
> Atlas + Ranger + Active Directory / LDAP Integration:
> Issue is with AD Group Sync in Atlas.
> When a user is added to the AD group. Permissions are set to AD groups.
> In this case ideally, Atlas should allow the User (Because user is added to
> the AD Group) to interact with Atlas perform Read & Write operations.
> But the User is not able to perform the Read & Write operations and getting
> Unauthorized User Exception with 401 error code.
>
> I searched this ticket https://issues.apache.org/jira/browse/ATLAS-4357
>
> Any alternate or work around approach for this if not direct solution
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
