Page tree
Skip to end of metadata
Go to start of metadata

User Sync Process

Ranger User Sync Process supports reading users and group information from one of the following sources:

    • Unix
    • LADP/AD
    • Text file - CSV or JSON format

This document specifies the details configuring Ranger User Sync process to read users and group information from a text file.

FileSourceUserGroupBuilder     

  • Allows the Ranger User Group Sync operation to be done via

    • Command Line operation

    • User Group Sync Property Configuration.

  • Ranger Class

    • org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder

    • This Class can be run via command line

  • Property File to configure

    In Ranger 0.5 following configuration file is used 

    • /etc/ranger/usersync/conf/ranger-ugsync-site.xml
      Properties to Configure :

      • ranger.usersync.enabled=true
      • ranger.usersync.source.impl.class=org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder
      • ranger.usersync.filesource.file=/home/admin/ranger-usergroups.txt
      • ranger.usersync.filesource.text.delimiter=,
  • Format Supported

    • JSON

      • JSON file can be given to command line

    • CSV

      • CSV file can be given to command line

    • Delimited File – Configured in ranger-ugsync-site.xml file

      • Other delimiters are supported via User Group Sync Process done via normal Ranger User Group Sync daemon process.

Command Line User Group Sync process

JSON Format

  • If the filename ends with .json, the file content will be treated as JSON with following format:

{

  "user1":["group-1", "group-2", "group-3"],

  "user2":["group-x","group-y","group-z"]

}

  • JSON file format  e.g. UserGroupSyncFile.json

{

 "user11":["group0","group18","group6","group7","group26","group24","group19","group3","group5"],

 "user12":["group0","group18","group6"],

 "user13":[],

 "user14":["group0","group18"]

}

  • To run it as a Command Line tool:

java -Dlogdir=/var/log/ranger/usersync -cp /usr/hdp/current/ranger-usersync/dist/*:/usr/hdp/current/ranger-usersync/lib/*:/usr/hdp/current/ranger-usersync/conf org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder /tmp/UserGroupSyncFile.json

CSV Format

    • If the filename does not end with .json, each line in the file will be treated as a delimiter separated fields of the following format. Default delimiter is a comma; this can be changed using configuration shown above.

user-1,group-1,group-2,group-3

user-2,group-x,group-y,group-z

  • CSV File Format e.g. UserGroupSyncFile.txt

"user21","group20","group218","group26","group27","group262","group242","group219","group23"

"user22","group20","group218","group26"

"user23",

"user24","group20","group218"

  • To run it as Command Line tool:

java -Dlogdir=/var/log/ranger/usersync -cp /usr/hdp/current/ranger-usersync/dist/*:/usr/hdp/current/ranger-usersync/lib/*:/usr/hdp/current/ranger-usersync/conf org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder /tmp/UserGroupSyncFile.txt



 

 

 

 

  • No labels

6 Comments

  1. <quote>
    • To run it as Command Line tool:

    java -Dlogdir=/var/log/ranger/usersync -cp /usr/hdp/current/ranger-usersync/dist/*:/usr/hdp/current/ranger-usersync/lib/*:/usr/hdp/current/ranger-usersync/conf org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder /tmp/UserGroupSyncFile.txt

     </quote>


    Does the user really have choice for classpath and class? Why do you not provide a simple shell script that internally sets the right classpath and class name?

  2. We can provide a  shell script as part of the usersync, but for now this is option to run the FileSourceUserGroupBuilder process

    1. Ramesh Mani, can we create a JIRA to track this? I do like the idea of creating a shell script. Since all the libraries are part of the package, except for the input, I think we can do it easily. Also for the LDAP discovery tool we have a created a shell script to run it. 

      Hopefully, in the future, once we have enough scripts, we consider a CLI where these features could be params.

  3. Don Bosco Durai, I have created  RANGER-700 - Provide a wrapper shell script to run the FileSourceUserGroupBuilder process Resolved  for tracking this request.

  4. FYI The property ranger.usersync.filesource.text.delimiter  is actually ranger.usersync.filesource.text.delimiterer in the code.

    Happy to open a JIRA to change the code to delimiter, but seems easier to update this page rather possibly break anyone already using delimiterer. Let me know.

  5. Bryan Bende, Please open a jira and put the fix in Master.