In the Advanced usersync Properties field, enter the following values in the specified fields.
Table 3.4. Advanced Usersync Properties
Configuration Property Name | Description | Default Value | Example Value | Required |
---|---|---|---|---|
CRED_KEYSTORE_FILENAME | Location of the file where the encrypted password is kept. | /usr/lib/xausersync/.jceks/xausersync.jceks | /etc/ranger/usersync/jceks/xausersync.jceks | Yes, if SYNC_SOURCE is selected as LDAP. |
MIN_UNIX_USER_TO_SYNC | The UserId that is used to synchronize to the Ranger user database. | 300 (UNIX), 1000 (LDAP) | 1000 | |
SYNC_INTERVAL | Specifies the interval (in minutes) between synchronization cycles. Note that the second sync cycle will NOT start until the first sync cycle is completed. | 5 | | No |
SYNC_SOURCE | Specifies the source from which the user/group information is extracted to be put into the Ranger database. Specify whether you want to use UNIX or LDAP. UNIX retrieves the user information from the /etc/passwd file and the group information from the /etc/group file. LDAP retrieves the user information from the LDAP service. | UNIX | | No |
SYNC_LDAP_BIND_DN | The LDAP bind DN used to connect to LDAP and query for users and groups. | | cn=admin,ou=users,dc=hadoop,dc=apache,dc=org | Yes, if SYNC_SOURCE is selected as LDAP. |
SYNC_LDAP_BIND_PASSWORD | The LDAP bind password for the bind DN specified in SYNC_LDAP_BIND_DN. | | LdapAdminPassWORd | Yes, if SYNC_SOURCE is selected as LDAP. |
SYNC_LDAP_GROUPNAME_CASE_CONVERSION | Converts all group names to lower/upper case. | lower | lower | No (defaults to lower) |
SYNC_LDAP_URL | The URL of the source LDAP. | | ldap://ldap.example.com:389 | Yes, if SYNC_SOURCE is selected as LDAP. |
SYNC_LDAP_USERNAME_CASE_CONVERSION | Converts all usernames to lower/upper case. Lower=Usernames are converted to lower case when the username is saved to the Ranger database. Upper=Usernames are converted to upper case when the username is saved to the Ranger database. | lower | lower | No (defaults to lower) |
SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE | An attribute from the user entry whose values are treated as group values to be pushed into the Policy Manager database. You can provide multiple attribute names, separated by a comma. | memberof, ismemberof | memberof, ismemberof | No (defaults to memberof, ismemberof) |
SYNC_LDAP_USER_NAME_ATTRIBUTE | An attribute from the user entry that is treated as a username. | cn | cn | No (defaults to cn) |
SYNC_LDAP_USER_OBJECT_CLASS | An objectclass used to identify user entries. | person | person | No (defaults to person) |
SYNC_LDAP_USER_SEARCH_FILTER | An additional optional filter constraining the users selected for syncing. | | (dept=eng) | No (defaults to an empty string) |
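
The following pre-flight check is an added example, not part of Ranger or of the original documentation: it applies the defaults and the "required if SYNC_SOURCE is LDAP" rules from the table to a set of values before they are entered. The function name `check_usersync`, the treatment of required properties as "must be supplied explicitly", and the `ldap://` transport warning are assumptions of this example.

```python
from urllib.parse import urlparse

# Properties the table marks "Yes, if SYNC_SOURCE is selected as LDAP".
REQUIRED_FOR_LDAP = ("CRED_KEYSTORE_FILENAME", "SYNC_LDAP_BIND_DN",
                     "SYNC_LDAP_BIND_PASSWORD", "SYNC_LDAP_URL")

# Defaults as listed in the table (MIN_UNIX_USER_TO_SYNC depends on the source).
DEFAULTS = {
    "SYNC_SOURCE": "UNIX",
    "SYNC_INTERVAL": "5",
    "SYNC_LDAP_GROUPNAME_CASE_CONVERSION": "lower",
    "SYNC_LDAP_USERNAME_CASE_CONVERSION": "lower",
    "SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE": "memberof, ismemberof",
    "SYNC_LDAP_USER_NAME_ATTRIBUTE": "cn",
    "SYNC_LDAP_USER_OBJECT_CLASS": "person",
    "SYNC_LDAP_USER_SEARCH_FILTER": "",
}

def check_usersync(props):
    """Return (effective_settings, errors, warnings) for a dict of properties."""
    supplied = {k: str(v).strip() for k, v in props.items()}
    eff = {**DEFAULTS, **supplied}
    errors, warnings = [], []
    source = eff["SYNC_SOURCE"].upper()
    if source not in ("UNIX", "LDAP"):
        errors.append("SYNC_SOURCE must be UNIX or LDAP")
    eff.setdefault("MIN_UNIX_USER_TO_SYNC", "1000" if source == "LDAP" else "300")
    for key in ("SYNC_INTERVAL", "MIN_UNIX_USER_TO_SYNC"):
        if not eff[key].isdigit():
            errors.append(f"{key} must be a non-negative integer")
    if source == "LDAP":
        for key in REQUIRED_FOR_LDAP:
            if not supplied.get(key):
                errors.append(f"{key} is required when SYNC_SOURCE is LDAP")
        url = supplied.get("SYNC_LDAP_URL", "")
        scheme = urlparse(url).scheme  # urlparse lower-cases the scheme
        if scheme == "ldap":
            # Assumption of this example: flag plain LDAP so the operator
            # confirms the bind is protected (ldaps:// or StartTLS).
            warnings.append("SYNC_LDAP_URL uses ldap://; bind is not TLS-protected by the URL")
        elif url and scheme != "ldaps":
            errors.append("SYNC_LDAP_URL must be an ldap:// or ldaps:// URL")
    return eff, errors, warnings

if __name__ == "__main__":
    # Constructed sample input: LDAP source with the bind password left out.
    sample = {"SYNC_SOURCE": "LDAP", "SYNC_LDAP_URL": "ldap://ldap.example.com:389",
              "SYNC_LDAP_BIND_DN": "cn=admin,ou=users,dc=hadoop,dc=apache,dc=org",
              "CRED_KEYSTORE_FILENAME": "/etc/ranger/usersync/jceks/xausersync.jceks"}
    print(check_usersync(sample)[1:])
```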