> On Feb. 19, 2017, 10:34 p.m., Selvamohan Neethiraj wrote: > > Can you please provide little more details on how the manual testing was > > done. This would be helpful for reviewer .... > > Yan Zhou wrote: > With the fix, the user sync is run ok without the exception after the > removal of the "short user name" from the "or" logic for the group search, > leaving only the full DN as the user name for the group search. Before the > fix, the same search caused the InvalidNameException thrown from the LDAP > server. > > As stated in the Jira, apparently the problem is only with some LDAP > servers. Using the Apache LDAP server in the Ranger automated user sync test, > TestLdapUserGroup, the failure can't be reproduced.
Hi Yan Zhou, Can you please provide some details on the sample schema or ldapsearch output of a user and a group on your ldap server? And also, can you provide some details on the ldap server? I have an openldap server with posixUser and posixGroup accounts and couldn't repro this issue. And also as you mentioned the unit test cases use Apache Ldap server and those pass as well. Also, one quick feedback on the changes - "useShortUserNameInGroupSearch" is set to true only when the groupObjectClass is set to posixGroup. This may not be right assumption as there may be a possiblility that the groupObjectClass is set to "top" and the group member attribute can still be configured with user's short name right? Thanks, Sailaja. - Sailaja ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56829/#review166044 ----------------------------------------------------------- On Feb. 19, 2017, 10:30 p.m., Yan Zhou wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/56829/ > ----------------------------------------------------------- > > (Updated Feb. 19, 2017, 10:30 p.m.) > > > Review request for ranger. > > > Repository: ranger > > > Description > ------- > > Some LDAP servers throw exception on group search on posix user names that > are not full DNs. > > > Diffs > ----- > > > ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java > 8cf6816 > > ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java > 070a39b > > Diff: https://reviews.apache.org/r/56829/diff/ > > > Testing > ------- > > Manual > > > Thanks, > > Yan Zhou > >
