User Sync Process

Ranger User Sync Process supports reading users and group information from one of the following sources:

• • Unix
  • LADP/AD
  • Text file - CSV or JSON format

This document specifies the details configuring Ranger User Sync process to read users and group information from a text file.

FileSourceUserGroupBuilder     

• Allows the Ranger User Group Sync operation to be done via

• Command Line operation

• User Group Sync Property Configuration.

• Ranger Class

• org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder

• This Class can be run via command line

• Property File to configure

    In Ranger 0.5 following configuration file is used 

• /etc/ranger/usersync/conf/ranger-ugsync-site.xml
  Properties to Configure :

  • ranger.usersync.enabled=true
  • ranger.usersync.source.impl.class=org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder
  • ranger.usersync.filesource.file=/home/admin/ranger-usergroups.txt
  • ranger.usersync.filesource.text.delimiter=,

• Format Supported

• JSON

• JSON file can be given to command line

• CSV

• CSV file can be given to command line

• Delimited File – Configured in ranger-ugsync-site.xml file

• Other delimiters are supported via User Group Sync Process done via normal Ranger User Group Sync daemon process.

Command Line User Group Sync process

JSON Format

• If the filename ends with .json, the file content will be treated as JSON with following format:

{

  "user1":["group-1", "group-2", "group-3"],

  "user2":["group-x","group-y","group-z"]

}

• JSON file format  e.g. UserGroupSyncFile.json

{

 "user11":["group0","group18","group6","group7","group26","group24","group19","group3","group5"],

 "user12":["group0","group18","group6"],

 "user13":[],

 "user14":["group0","group18"]

}

• To run it as a Command Line tool:

java -Dlogdir=/var/log/ranger/usersync -cp /usr/hdp/current/ranger-usersync/dist/*:/usr/hdp/current/ranger-usersync/lib/*:/usr/hdp/current/ranger-usersync/conf org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder /tmp/UserGroupSyncFile.json

CSV Format

• • If the filename does not end with .json, each line in the file will be treated as a delimiter separated fields of the following format. Default delimiter is a comma; this can be changed using configuration shown above.

user-1,group-1,group-2,group-3

user-2,group-x,group-y,group-z

• CSV File Format e.g. UserGroupSyncFile.txt

"user21","group20","group218","group26","group27","group262","group242","group219","group23"

"user22","group20","group218","group26"

"user23",

"user24","group20","group218"

• To run it as Command Line tool:

java -Dlogdir=/var/log/ranger/usersync -cp /usr/hdp/current/ranger-usersync/dist/*:/usr/hdp/current/ranger-usersync/lib/*:/usr/hdp/current/ranger-usersync/conf org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder /tmp/UserGroupSyncFile.txt