Ranger / RANGER-4755

[RangeruserSync] Removes users/groups in case of punctual issue to retrieve users/groups

Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.2.0
    • Fix Version/s: None
    • Component/s: Ranger
    • Labels: None

    Description

      Hi team,

      We have encountered an issue on Ranger usersync with LDAP synchronization.
      (We use a VIP for LDAP search, and the SSL certificate of one node was changed without updating it in the Ranger truststore.)
      The user search to retrieve users from LDAP failed (SSLHandshakeException), but the sync cycle continued, assuming there were no retrieved users, instead of failing for this cycle.
      As we were on the delete cycle, accounts were considered deleted in Ranger and we had Access Denied for all Ranger requests.

      We corrected our incident by updating our certificates but usersync's behavior remains dangerous.

      Would it be possible to update LdapUserGroupBuilder.java to fail the current sync cycle if the user or group LDAP search fails?

      Thanks for your help,

      Best Regards

      Attachments

        1. usersyncError.log
          8 kB
          Pierrick FLORECK
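
The fail-closed behaviour requested in the description, as an added example that is not Ranger's code and not from the reporter: a failed directory search aborts the cycle before any delete decision, instead of being treated as an empty result. All class, interface and method names are hypothetical, and the sample users and the simulated failure are constructed.

```java
import java.util.*;
import javax.naming.CommunicationException;
import javax.naming.NamingException;

// Added illustration; every name here is hypothetical, none is Ranger's API.
public class FailClosedSyncDemo {

    /** Stand-in for the LDAP user search; throws when the directory cannot be read. */
    interface DirectorySearch {
        Set<String> findUsers() throws NamingException;
    }

    /** Aborts a cycle so that no delete decision is made on missing data. */
    static class SyncCycleAbortedException extends Exception {
        SyncCycleAbortedException(String msg, Throwable cause) { super(msg, cause); }
    }

    /** Returns the users to delete, or aborts if the source could not be read. */
    static Set<String> computeDeletes(DirectorySearch search, Set<String> known)
            throws SyncCycleAbortedException {
        Set<String> retrieved;
        try {
            retrieved = search.findUsers();
        } catch (NamingException e) {
            // A failed search is not an empty directory: stop before the delete phase.
            throw new SyncCycleAbortedException("user search failed, cycle skipped", e);
        }
        Set<String> toDelete = new TreeSet<>(known);
        toDelete.removeAll(retrieved);
        return toDelete;
    }

    public static void main(String[] args) {
        Set<String> known = Set.of("alice", "bob", "carol"); // constructed sample data
        DirectorySearch healthy = () -> Set.of("alice", "carol");
        DirectorySearch brokenTls = () -> {
            // Constructed failure standing in for the SSLHandshakeException case.
            throw new CommunicationException("TLS handshake with directory failed");
        };
        for (DirectorySearch s : List.of(healthy, brokenTls)) {
            try {
                System.out.println("delete: " + computeDeletes(s, known));
            } catch (SyncCycleAbortedException e) {
                System.out.println("aborted, nothing deleted: " + e.getMessage());
            }
        }
    }
}
```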

          People

            Assignee: Unassigned
            Reporter: Pierrick FLORECK (pfloreck)