[
https://issues.apache.org/jira/browse/RANGER-5188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17942369#comment-17942369
]
Krzysztof Sobolewski commented on RANGER-5188:
----------------------------------------------
Some additional observations:
# The users are marked as hidden, even though they have valid groups to which
policies are attached. This is indeed very annoying and vast majority of the
users suffer from this issue.
# When the Organization Unit of the user gets changed in the Active Directory,
the usersync doesn't recognize it and also doesn't do the update to the user.
This requires us to manually delete the user and do the usersync again.
If there is a way to stop this users being hidden, it will be helpful.
> LDAP usersync and "hidden" users
> --------------------------------
>
> Key: RANGER-5188
> URL: https://issues.apache.org/jira/browse/RANGER-5188
> Project: Ranger
> Issue Type: Task
> Components: usersync
> Affects Versions: 2.4.0
> Reporter: Krzysztof Sobolewski
> Priority: Major
>
> A customer noticed one of their users got "hidden" in Ranger after user sync.
> After adding the user back to the synced LDAP groups and rerun the user sync,
> the user entry remains hidden.
> The question is:
> How does Ranger handle hidden user entries during a full sync when group sync
> is enabled (ranger.usersync.group.searchenabled=true) but user search is
> disabled (ranger.usersync.user.searchenabled=false)?
> Specifically, if a previously hidden user reappears in a synced LDAP group,
> will Ranger automatically unhide them, or does the hidden status persist?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
