[ https://issues.apache.org/jira/browse/RANGER-4755?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pierrick FLORECK updated RANGER-4755:
-------------------------------------
    Attachment: usersyncError.log

> [RangeruserSync] Removes users/groups in case of punctual issue to retrieve users/groups
> ----------------------------------------------------------------------------------------
>
>                 Key: RANGER-4755
>                 URL: https://issues.apache.org/jira/browse/RANGER-4755
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 2.2.0
>            Reporter: Pierrick FLORECK
>            Priority: Major
>         Attachments: usersyncError.log
>
>
> Hi team,
> We have encountered an issue on Ranger usersync with ldap synchronization.
> (We use a vip for ldap search and the SSL certificate of one node has been changed without updating it in the ranger truststore.)
> The user search to retrieve users from Ldap failed (SSLHandshakeException) but the sync cycle continues, assuming there are no retrieved users instead of failing for this cycle.
> As we were on the delete cycle, accounts are considered deleted in Ranger and we have Access Denied for all Ranger requests.
> We corrected our incident by updating our certificates but usersync's behavior remains dangerous.
> Could it be possible to update LdapUserGroupBuilder.java to fail the current sync cycle if the user or group ldap search fails?
> Thanks for your help,
> Best Regards

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
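
The failure mode in the report above, as an added example that is not part of the original message and is not Ranger's code: a sync cycle that treats a failed directory search as an empty result, beside a fail-closed form that aborts the cycle before any delete is computed. The class, the UserSource interface, both method names and the sample users are hypothetical and constructed for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.TreeSet;
import javax.naming.CommunicationException;
import javax.naming.NamingException;

public class SyncCycleSketch {
    /** Hypothetical stand-in for the LDAP user search; not a Ranger interface. */
    interface UserSource { Set<String> searchUsers() throws NamingException; }

    /** Models the reported behaviour: a failed search is handled as "no users found". */
    static Set<String> usersToDeleteLenient(UserSource src, Set<String> known) {
        Set<String> found = new HashSet<>();
        try {
            found = src.searchUsers();
        } catch (NamingException e) {
            System.err.println("search failed, continuing: " + e.getMessage());
        }
        Set<String> stale = new TreeSet<>(known);
        stale.removeAll(found);   // 'found' is empty, so every known user looks deleted
        return stale;
    }

    /** Fail-closed form: a search error propagates and ends the cycle with no deletes. */
    static Set<String> usersToDeleteStrict(UserSource src, Set<String> known)
            throws NamingException {
        Set<String> found = src.searchUsers();
        Set<String> stale = new TreeSet<>(known);
        stale.removeAll(found);
        return stale;
    }

    public static void main(String[] args) {
        // Constructed sample: users already known to the policy store.
        Set<String> known = new TreeSet<>(Arrays.asList("alice", "bob", "carol"));
        // Simulates the TLS failure from the report on every search call.
        UserSource broken = () -> {
            throw new CommunicationException("SSLHandshakeException (simulated)");
        };
        System.out.println("lenient deletes: " + usersToDeleteLenient(broken, known));
        try {
            System.out.println("strict deletes: " + usersToDeleteStrict(broken, known));
        } catch (NamingException e) {
            System.out.println("strict: cycle aborted, nothing deleted: " + e.getMessage());
        }
    }
}
```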