-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40802/
-----------------------------------------------------------
Review request for ranger, Alok Lal, Abhay Kulkarni, Madhan Neethiraj, Ramesh
Mani, and Velmurugan Periasamy.
Bugs: Ranger-742
https://issues.apache.org/jira/browse/Ranger-742
Repository: ranger
Description
-------
Made code changes to complete user search before performing group search. This
way the paged results can be processed properly.
Also, added check to retrieve groups from user's memberof attribute only when
group search is not enabled. This way when group search is enabled, the group
search filter is honored and only the groups matching the group search filter
are synced as part of the usersync.
Diffs
-----
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
bab9e84
Diff: https://reviews.apache.org/r/40802/diff/
Testing
-------
1. Tested the changes against both AD and LDAP instances -
a. ranger.usersync.pagedresultsenabled set to true
b. ranger.usersync.pagedresultsenabled set to false
c. ranger.usersync.group.searchenabled set to false
d. ranger.usersync.group.searchenabled set to true
e. With less than 500 users (ranger.usersync.pagedresultssize=500)
f. With more than 500 users (ranger.usersync.pagedresultssize=500)
2. Developed and ran some unit tests with different group search filters with
ranger.usersync.group.searchenabled set to true/false.
Thanks,
Sailaja Polavarapu
