Description
"Ranger User Sync" logs into Ranger multiple times a second. This is with:
The high number and rate of these sessions makes it impossible to use the "Login Sessions" audit page:
Further, it's adding a lot of extra requests and overhead to Ranger, Ranger User Sync, and the backing database.
The service should re-use its session rather than continual logins.
Settings attached.
SYNC_SOURCE = ldap
SYNC_INTERVAL =
rangerUsersync_password=pass2ldap
SYNC_LDAP_URL = ldaps://ldapserver.dev.sub.domain.ru:636
SYNC_LDAP_BIND_DN = uid=ranger,cn=users,cn=accounts,dc=dev,dc=sub,dc=domain,dc=ru
SYNC_LDAP_BIND_PASSWORD = pass2ldap
SYNC_LDAP_DELTASYNC =
SYNC_LDAP_SEARCH_BASE = dc=dev,dc=sub,dc=domain,dc=ru
SYNC_LDAP_USER_SEARCH_BASE = cn=users,cn=accounts,dc=dev,dc=sub,dc=domain,dc=ru
SYNC_LDAP_USER_SEARCH_SCOPE = sub
SYNC_LDAP_USER_OBJECT_CLASS = person
SYNC_LDAP_USER_SEARCH_FILTER =
SYNC_LDAP_USER_NAME_ATTRIBUTE = uid
SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = memberof,ismemberof
SYNC_LDAP_USERNAME_CASE_CONVERSION=lower
SYNC_LDAP_GROUPNAME_CASE_CONVERSION=lower
USERSYNC_PID_DIR_PATH=/var/run/ranger
SYNC_GROUP_SEARCH_ENABLED=true
SYNC_GROUP_USER_MAP_SYNC_ENABLED=true
SYNC_GROUP_SEARCH_BASE=cn=groups,cn=accounts,dc=dev,dc=sub,dc=domain,dc=ru
SYNC_GROUP_SEARCH_SCOPE=
SYNC_GROUP_OBJECT_CLASS=
SYNC_LDAP_GROUP_SEARCH_FILTER=
SYNC_GROUP_NAME_ATTRIBUTE=
SYNC_GROUP_MEMBER_ATTRIBUTE_NAME=
SYNC_PAGED_RESULTS_ENABLED=
SYNC_PAGED_RESULTS_SIZE=
SYNC_LDAP_REFERRAL=follow
Attachments
Attachments
Issue Links
- links to