[jira] [Updated] (RANGER-2406) rangerusersync open too many session for ldap sync

Tue, 23 Apr 2019 01:20:16 -0700 


     [ 
https://issues.apache.org/jira/browse/RANGER-2406?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konstantin Tsypin updated RANGER-2406:
--------------------------------------
    Attachment: to_many_connections2.PNG

> rangerusersync open too many session for ldap sync
> --------------------------------------------------
>
>                 Key: RANGER-2406
>                 URL: https://issues.apache.org/jira/browse/RANGER-2406
>             Project: Ranger
>          Issue Type: Bug
>          Components: usersync
>    Affects Versions: 1.1.0, 1.2.0
>            Reporter: Konstantin Tsypin
>            Assignee: Pradeep Agrawal
>            Priority: Major
>         Attachments: to_many_connections2.PNG, usersync.log
>
>
> "Ranger User Sync" logs into Ranger multiple times a second. This is with:
> The high number and rate of these sessions makes it impossible to use the 
> "Login Sessions" audit page:
> Further, it's adding a lot of extra requests and overhead to Ranger, Ranger 
> User Sync, and the backing database.
> *The service should re-use its session rather than continual logins.*
> *Settings attached.*
>  
> *!image-2019-04-22-15-43-16-561.png!*
> !image-2019-04-22-15-37-57-277.png!
>  
> SYNC_SOURCE = ldap
>  SYNC_INTERVAL =
>  rangerUsersync_password=pass2ldap
>  SYNC_LDAP_URL = ldaps://ldapserver.dev.sub.domain.ru:636
>  SYNC_LDAP_BIND_DN = 
> uid=ranger,cn=users,cn=accounts,dc=dev,dc=sub,dc=domain,dc=ru
>  SYNC_LDAP_BIND_PASSWORD = pass2ldap
>  SYNC_LDAP_DELTASYNC =
>  SYNC_LDAP_SEARCH_BASE = dc=dev,dc=sub,dc=domain,dc=ru
>  SYNC_LDAP_USER_SEARCH_BASE = 
> cn=users,cn=accounts,dc=dev,dc=sub,dc=domain,dc=ru
>  SYNC_LDAP_USER_SEARCH_SCOPE = sub
>  SYNC_LDAP_USER_OBJECT_CLASS = person
>  SYNC_LDAP_USER_SEARCH_FILTER =
>  SYNC_LDAP_USER_NAME_ATTRIBUTE = uid
>  SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = memberof,ismemberof
>  SYNC_LDAP_USERNAME_CASE_CONVERSION=lower
>  SYNC_LDAP_GROUPNAME_CASE_CONVERSION=lower
>  USERSYNC_PID_DIR_PATH=/var/run/ranger
>  SYNC_GROUP_SEARCH_ENABLED=true
>  SYNC_GROUP_USER_MAP_SYNC_ENABLED=true
>  SYNC_GROUP_SEARCH_BASE=cn=groups,cn=accounts,dc=dev,dc=sub,dc=domain,dc=ru
>  SYNC_GROUP_SEARCH_SCOPE=
>  SYNC_GROUP_OBJECT_CLASS=
>  SYNC_LDAP_GROUP_SEARCH_FILTER=
>  SYNC_GROUP_NAME_ATTRIBUTE=
>  SYNC_GROUP_MEMBER_ATTRIBUTE_NAME=
>  SYNC_PAGED_RESULTS_ENABLED=
>  SYNC_PAGED_RESULTS_SIZE=
>  SYNC_LDAP_REFERRAL=follow
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to