[jira] [Comment Edited] (RANGER-3973) LDAP incremental search not always available

Wed, 01 Oct 2025 10:06:01 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-3973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18024037#comment-18024037
 ] 

Jonas Hartwig edited comment on RANGER-3973 at 10/1/25 12:19 PM:
-----------------------------------------------------------------

Hi, late to get back to you. Unfortunately our active directory does not return 
any users on that query with invalid fields. We use ranger 2.7.0 now and do a 
new take on it. We still have this issue with the delta sync. Also I cannot 
deactivate this. In install.properties i set 
{code:java}
SYNC_LDAP_DELTASYNC=false {code}
Then i have in the installprop2xml.properties:
{code:java}
SYNC_LDAP_DELTASYNC = ranger.usersync.ldap.deltasync {code}
However, in ranger-ugsync-site.xml i get:
{code:java}
<property>
  <name>ranger.usersync.ldap.deltasync</name>
  <value>true</value>
</property> {code}
Is this a bug or what am I doing wrong?

 

Maybe this line should be different: 
https://github.com/apache/ranger/blob/master/unixauthservice/scripts/setup.py#L259C13-L259C59


was (Author: jonas.hartwig):
Hi, late to get back to you. Unfortunately our active directory does not return 
any users on that query with invalid fields. We use ranger 2.7.0 now and do a 
new take on it. We still have this issue with the delta sync. Also I cannot 
deactivate this. In install.properties i set 
{code:java}
SYNC_LDAP_DELTASYNC=false {code}
Then i have in the installprop2xml.properties:
{code:java}
SYNC_LDAP_DELTASYNC = ranger.usersync.ldap.deltasync {code}
However, in ranger-ugsync-site.xml i get:
{code:java}
<property>
  <name>ranger.usersync.ldap.deltasync</name>
  <value>true</value>
</property> {code}
Is this a bug or what am I doing wrong?

> LDAP incremental search not always available
> --------------------------------------------
>
>                 Key: RANGER-3973
>                 URL: https://issues.apache.org/jira/browse/RANGER-3973
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>    Affects Versions: 2.3.0
>            Reporter: Jonas Hartwig
>            Priority: Blocker
>             Fix For: 3.0.0
>
>
> In certain situations the LDAP incremental user/groups search is not 
> available. There is a feature already to disable incremental loads. This is a 
> request to add a feature to disable using the delta fields for lookup. Our 
> LDAP does not have modifyTimestamp field.
> When the flag ranger.usersync.ldap.deltasync is set ldap search should not 
> use properties 
> uSNChanged and modifyTimestamp (they are not needed). 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to