Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-2406

rangerusersync open too many session for ldap sync

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.0, 1.2.0
    • Fix Version/s: 2.0.0
    • Component/s: usersync
    • Labels:
      None

      Description

      "Ranger User Sync" logs into Ranger multiple times a second. This is with:

      The high number and rate of these sessions makes it impossible to use the "Login Sessions" audit page:

      Further, it's adding a lot of extra requests and overhead to Ranger, Ranger User Sync, and the backing database.

      The service should re-use its session rather than continual logins.

      Settings attached.

       

       

      SYNC_SOURCE = ldap
      SYNC_INTERVAL =
      rangerUsersync_password=pass2ldap
      SYNC_LDAP_URL = ldaps://ldapserver.dev.sub.domain.ru:636
      SYNC_LDAP_BIND_DN = uid=ranger,cn=users,cn=accounts,dc=dev,dc=sub,dc=domain,dc=ru
      SYNC_LDAP_BIND_PASSWORD = pass2ldap
      SYNC_LDAP_DELTASYNC =
      SYNC_LDAP_SEARCH_BASE = dc=dev,dc=sub,dc=domain,dc=ru
      SYNC_LDAP_USER_SEARCH_BASE = cn=users,cn=accounts,dc=dev,dc=sub,dc=domain,dc=ru
      SYNC_LDAP_USER_SEARCH_SCOPE = sub
      SYNC_LDAP_USER_OBJECT_CLASS = person
      SYNC_LDAP_USER_SEARCH_FILTER =
      SYNC_LDAP_USER_NAME_ATTRIBUTE = uid
      SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = memberof,ismemberof
      SYNC_LDAP_USERNAME_CASE_CONVERSION=lower
      SYNC_LDAP_GROUPNAME_CASE_CONVERSION=lower
      USERSYNC_PID_DIR_PATH=/var/run/ranger
      SYNC_GROUP_SEARCH_ENABLED=true
      SYNC_GROUP_USER_MAP_SYNC_ENABLED=true
      SYNC_GROUP_SEARCH_BASE=cn=groups,cn=accounts,dc=dev,dc=sub,dc=domain,dc=ru
      SYNC_GROUP_SEARCH_SCOPE=
      SYNC_GROUP_OBJECT_CLASS=
      SYNC_LDAP_GROUP_SEARCH_FILTER=
      SYNC_GROUP_NAME_ATTRIBUTE=
      SYNC_GROUP_MEMBER_ATTRIBUTE_NAME=
      SYNC_PAGED_RESULTS_ENABLED=
      SYNC_PAGED_RESULTS_SIZE=
      SYNC_LDAP_REFERRAL=follow

       

        Attachments

        1. to_many_connections2.PNG
          318 kB
          Konstantin Tsypin
        2. usersync.log
          519 kB
          Konstantin Tsypin

          Issue Links

            Activity

              People

              • Assignee:
                nikhil Nikhil Purbhe
                Reporter:
                fullhouse Konstantin Tsypin
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: