----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/60421/#review180010 -----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java Lines 1160 (patched) <https://reviews.apache.org/r/60421/#comment255016> single return from the method would be better. Also no exceptions are handled here. security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java Lines 1169 (patched) <https://reviews.apache.org/r/60421/#comment255014> will this work if usersync user is customized? Also it would be a good idea to log debug messages for else condition, currently there is no clue if the execution falls on else condition. security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java Line 1278 (original), 1298 (patched) <https://reviews.apache.org/r/60421/#comment255015> Logging else condition (allowing rangerusersync) would be helpful unixauthservice/scripts/templates/ranger-ugsync-template.xml Lines 209 (patched) <https://reviews.apache.org/r/60421/#comment255006> To be consistent, add prefix "ranger.usersync" to this new property unixauthservice/scripts/templates/ranger-ugsync-template.xml Lines 213 (patched) <https://reviews.apache.org/r/60421/#comment255007> To be consistent, add prefix "ranger.usersync" to this new property unixauthservice/scripts/templates/ranger-ugsync-template.xml Lines 217 (patched) <https://reviews.apache.org/r/60421/#comment255008> To be consistent, add prefix "ranger.usersync" to this new property unixauthservice/scripts/templates/ranger-ugsync-template.xml Lines 221 (patched) <https://reviews.apache.org/r/60421/#comment255009> To be consistent, add prefix "ranger.usersync" to this new property - Velmurugan Periasamy On June 26, 2017, 8:01 a.m., bhavik patel wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/60421/ > ----------------------------------------------------------- > > (Updated June 26, 2017, 8:01 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay > Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan > Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-1491 > https://issues.apache.org/jira/browse/RANGER-1491 > > > Repository: ranger > > > Description > ------- > > Currently when Ranger connect to external LDAP server than users are > synchronised and they will get default as "User" role. > > It would be a good feature to introduce a mechanism to automatically map > certain users (e.g. they are in a specific group) to "Administrator" or > "Keyadmin" role rather than setting as default "User" role. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 6f77832 > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cd1de9f > security-admin/src/main/java/org/apache/ranger/service/XUserService.java > de95138 > security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 5e0ca20 > security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java > 30525b3 > > ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java > 428ad30 > > ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java > 19343b2 > ugsync/src/main/java/org/apache/ranger/unixusersync/model/MUserInfo.java > 841bac6 > ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java > 7d636fd > unixauthservice/scripts/install.properties 13ae1e5 > unixauthservice/scripts/setup.py bbc9226 > unixauthservice/scripts/templates/installprop2xml.properties 1a9bf36 > unixauthservice/scripts/templates/ranger-ugsync-template.xml 0025dc8 > > > Diff: https://reviews.apache.org/r/60421/diff/1/ > > > Testing > ------- > > 1. Verified when ranger-admin connect to LDAP server than users are > synchronised form there they got same role which is specified in > usersync-side. > 2. Verified unix authentication and usersync. > > > Thanks, > > bhavik patel > >