apache - Ranger 增量用户同步未将新组同步到用户

Question

我正在使用 Ranger 2.2 版并尝试从 LDAP 同步用户。我已应用组过滤器来检索属于 groupA 和 groupB: 的所有用户。在第一次运行期间，所有用户（groupA、groupB 的一部分）都从 LDAP 同步。但是当我向用户添加新组时，新组没有得到更新。

案例 1：groupA 和 groupB 的所有用户都在同步。

user1 belongs to groupA , groupB

user2 belongs to groupA

user3 belongs to groupA, groupB

案例 2：将 user2 添加到 groupB 在这种情况下，新组没有同步到 user2。

附上 ranger-ugsync-site.xml 以供参考。

<configuration>
<property>
    <name>ranger.usersync.credstore.filename</name>
    <value>../ranger/usersync/conf/rangerusersync.jceks</value>
</property>
<property>
    <name>ranger.usersync.enabled</name>
    <value>true</value>
</property>
<property>
    <name>ranger.usersync.group.memberattributename</name>
    <value>member</value>
</property>
<property>
    <name>ranger.usersync.group.nameattribute</name>
    <value>sAMAccountName</value>
</property>
<property>
    <name>ranger.usersync.group.objectclass</name>
    <value>group</value>
</property>
<property>
    <name>ranger.usersync.group.searchbase</name>
    <value>dc=example,dc=com</value>
</property>
<property>
    <name>ranger.usersync.group.searchenabled</name>
    <value>true</value>
</property>
<property>
    <name>ranger.usersync.group.searchfilter</name>
    <value>(|(CN=group1)(CN=group2))</value>
</property>
<property>
    <name>ranger.usersync.group.searchscope</name>
    <value>sub</value>
</property>
<property>
    <name>ranger.usersync.ldap.binddn</name>
    <value>cn=adadmin,cn=Users, dc=example,dc=com</value>
</property>
<property>
    <name>ranger.usersync.ldap.groupname.caseconversion</name>
    <value>upper</value>
</property>
<property>
    <name>ranger.usersync.ldap.ldapbindpassword</name>
    <value>_</value>
</property>
<property>
    <name>ranger.usersync.ldap.searchBase</name>
    <value>dc=example,dc=com</value>
</property>
<property>
    <name>ranger.usersync.ldap.url</name>
    <value>ldap://hostname:3269</value>
</property>
<property>
            <name>ranger.usersync.ldap.deltasync</name>
            <value>true</value>
    </property>
<property>
    <name>ranger.usersync.ldap.user.groupnameattribute</name>
    <value>memberof,ismemberof</value>
</property>
<property>
    <name>ranger.usersync.ldap.user.nameattribute</name>
    <value>sAMAccountName</value>
</property>
<property>
    <name>ranger.usersync.ldap.user.objectclass</name>
    <value>person</value>
</property>
<property>
    <name>ranger.usersync.ldap.user.searchbase</name>
    <value>ou=users, dc=example, dc=com</value>
</property>
<property>
    <name>ranger.usersync.ldap.user.searchfilter</name>
    <value>''</value>
</property>
<property>
    <name>ranger.usersync.ldap.user.searchscope</name>
    <value>sub</value>
</property>
<property>
    <name>ranger.usersync.ldap.username.caseconversion</name>
    <value>upper</value>
</property>
<property>
    <name>ranger.usersync.logdir</name>
    <value>logs</value>
</property>
<property>
    <name>ranger.usersync.pagedresultsenabled</name>
    <value>true</value>
</property>
<property>
    <name>ranger.usersync.pagedresultssize</name>
    <value />
</property>

<property>
    <name>ranger.usersync.policymanager.baseURL</name>
    <value>http://<hostname>:6080</value>
</property>
<property>
    <name>ranger.usersync.policymanager.maxrecordsperapicall</name>
    <value>1000</value>
</property>
<property>
    <name>ranger.usersync.policymanager.mockrun</name>
    <value>false</value>
</property>
<property>
    <name>ranger.usersync.port</name>
    <value>5151</value>
</property>
<property>
    <name>ranger.usersync.sink.impl.class</name>
    <value>org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder</value>
</property>
<property>
    <name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name>
    <value>3600000</value>
</property>
<property>
    <name>ranger.usersync.source.impl.class</name>
    <value>org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder</value>
</property>
<property>
    <name>ranger.usersync.ssl</name>
    <value>true</value>
</property>
<property>
    <name>ranger.usersync.unix.minUserId</name>
    <value>500</value>
</property>
<property>
    <name>ranger.usersync.unix.minGroupId</name>
    <value>500</value>
</property>
<property>
    <name>ranger.usersync.keystore.file</name>
    <value>../ranger/usersync/conf/cert/unixauthservice.jks</value>
</property>
<property>
    <name>ranger.usersync.truststore.file</name>
    <value />
</property>
<property>
    <name>ranger.usersync.sync.source</name>
    <value>ldap</value>
</property>
<property>
    <name>ranger.usersync.ldap.referral</name>
    <value>ignore</value>
</property>
<property>
    <name>ranger.usersync.kerberos.principal</name>
    <value />
</property>
<property>
    <name>ranger.usersync.kerberos.keytab</name>
    <value />
</property>
<property>
  <name>ranger.usersync.keystore.password</name>
  <value>_</value>
</property>
<property>
  <name>ranger.usersync.truststore.password</name>
  <value>_</value>
</property>
<property>
  <name>ranger.usersync.role.assignment.list.delimiter</name>
      <value>&amp;</value>
    </property>
    <property>
  <name>ranger.usersync.users.groups.assignment.list.delimiter</name>
  <value>:</value>
    </property>
    <property>
  <name>ranger.usersync.username.groupname.assignment.list.delimiter</name>
  <value>,</value>
    </property>
<property>
      <name>ranger.usersync.group.based.role.assignment.rules</name>
  <value />
</property>

%

apache - Ranger 增量用户同步未将新组同步到用户

0 回答 0

Related

Reference