Behavioral Changes in Apache Ranger
Learn about the change in certain functionality of Ranger that has resulted in a change in behavior from the previously released version to this version of Cloudera Runtime.
- Summary:
- Ranger Usersync configuration properties and behavior changed to simplify usability and processing.
- Details:
-
- The following configuration properties are no longer used:
-
- ranger.usersync.ldap.searchBase
- ranger.usersync.ldap.user.groupnameattribute
- ranger.usersync.group.usermapsyncenabled
- ranger.usersync.user.searchenabled
- ranger.usersync.group.searchenabled
- ranger.usersync.group.search.first.enabled
- Previous behavior:
-
If groupSearchFirstEnabled = true and userSearchEnabled=false, then Usersync uses the groupMemberAttributeName (which is uniqueMember in your configuration) to retrieve users and does not use any of the user search-related configuration properties to perform ldap search for users.
- New behavior:
-
Usersync always performs group search and user search separately, based on the configuration. groupMemberAttributeName is used only to retrieve group memberships and user search is used to retrieve users.
