-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43433/
-----------------------------------------------------------
(Updated Feb. 18, 2016, 10:44 p.m.)
Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan
Neethiraj, Ramesh Mani, and Velmurugan Periasamy.
Changes
-------
Rebuilt the patch with the latest master changes in order to resolve conflicts.
Bugs: Ranger-722
https://issues.apache.org/jira/browse/Ranger-722
Repository: ranger
Description
-------
Added support to use StartTLS for ranger usersync. As part of this support, a
new usersync config property (ranger.usersync.ldap.starttls) is added and is
set to false by default. This property can be added as a custom property for
usersync for now.
Diffs (updated)
-----
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/CustomSSLSocketFactory.java
827b450
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
6c3aa74
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
e342cae
Diff: https://reviews.apache.org/r/43433/diff/
Testing
-------
1. Tested without starttls option for regression.
2. Tested with StartTLS option enabled against AD & OpenLdap servers. Validated
the connection by capturing traces during usersync LDAP connection.
3. Also performed negative testing by not adding proper certs to validate the
server cert during SSL handshake.
Thanks,
Sailaja Polavarapu
