[jira] [Assigned] (RANGER-4026) Provide option to update group memberships when same users/groups are synced from different sync sources
[ https://issues.apache.org/jira/browse/RANGER-4026?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhishek Kumar reassigned RANGER-4026: -- Assignee: Abhishek Kumar (was: Sailaja Polavarapu) > Provide option to update group memberships when same users/groups are synced > from different sync sources > > > Key: RANGER-4026 > URL: https://issues.apache.org/jira/browse/RANGER-4026 > Project: Ranger > Issue Type: Improvement > Components: usersync >Reporter: Sailaja Polavarapu >Assignee: Abhishek Kumar >Priority: Major > > RANGER-3254 implemented a change in user/group mapping so that sync source is > taken into account when a group name matches multiple sources. LDAP users > belonging to a group like "CN=mygroup" will not be synced in Ranger if there > is an existing "mygroup" that was imported by UnixUserGroupBuilder. > This breaks a very common use case where posix users and groups are synced to > the OS from an LDAP backend using SSSD, Centrify, or similar utilities. In > those cases, both the linux OS and LDAP/AD are using the same identity > repository. If Ranger imported a set of users and groups from one sync > source, and then later switches to another, group mappings break and users > don't get all of their groups. > Provide an option for customers to treat users/groups from multiple sync > sources as same for updating group memberships. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4026) Provide option to update group memberships when same users/groups are synced from different sync sources
[ https://issues.apache.org/jira/browse/RANGER-4026?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sailaja Polavarapu reassigned RANGER-4026: -- Assignee: Sailaja Polavarapu > Provide option to update group memberships when same users/groups are synced > from different sync sources > > > Key: RANGER-4026 > URL: https://issues.apache.org/jira/browse/RANGER-4026 > Project: Ranger > Issue Type: Improvement > Components: usersync >Reporter: Sailaja Polavarapu >Assignee: Sailaja Polavarapu >Priority: Major > > RANGER-3254 implemented a change in user/group mapping so that sync source is > taken into account when a group name matches multiple sources. LDAP users > belonging to a group like "CN=mygroup" will not be synced in Ranger if there > is an existing "mygroup" that was imported by UnixUserGroupBuilder. > This breaks a very common use case where posix users and groups are synced to > the OS from an LDAP backend using SSSD, Centrify, or similar utilities. In > those cases, both the linux OS and LDAP/AD are using the same identity > repository. If Ranger imported a set of users and groups from one sync > source, and then later switches to another, group mappings break and users > don't get all of their groups. > Provide an option for customers to treat users/groups from multiple sync > sources as same for updating group memberships. -- This message was sent by Atlassian Jira (v8.20.10#820010)
