Identity Assertion [regex] in Apache Knox, Ranger


Hello,

I defined a list of users in LDAP; uid = user's email address. So, I tried to use this email as the username to access WebHDFS. It doesn't work because the "@" character is an illegal argument. Legal argument: ^[A-Za-z_][A-Za-z0-9._-]*[$]?$

Then, I used the Identity Assertion Provider [Regex] to change the user identity: I replace the "@" character with "_spe_". It works, but there are three issues:

- In Ranger it is very difficult to have a clean data audit: in my LDAP I have an email address (bob@test.com) and in Ranger I have (bob_spe_test.com).

- My Ranger is also synchronised with LDAP. How could Ranger check in LDAP the user bob_spe_test.com to authorize my real user bob@test.com?

- All my services apply this rule (Identity Assertion Provider).

Questions:

- I suppose I could define this provider only for WebHDFS. How can I do that? In the rewrite.xml file? It is not documented; I need some advice for this provider.

- Is there another way to use an email address as a username?

Thank you for your help.
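
The substitution described in the post, as an added example (not part of the original post, and not Knox or Ranger code): it checks names against the quoted pattern, applies the "@" to "_spe_" replacement, and reverses it so an audit entry can be traced back to the LDAP uid. The function names and sample principals are constructed; the sketch assumes each original principal contains exactly one "@".

```python
import re

# Username pattern quoted in the post as the legal form.
LEGAL_USER = re.compile(r"^[A-Za-z_][A-Za-z0-9._-]*[$]?$")
MARKER = "_spe_"  # replacement for "@" chosen in the post


def assert_identity(principal: str) -> str:
    """Map an e-mail style principal as the post describes ("@" -> "_spe_")."""
    return principal.replace("@", MARKER)


def is_legal(username: str) -> bool:
    """True when the name satisfies the quoted username pattern."""
    return LEGAL_USER.fullmatch(username) is not None


def audit_candidates(mapped: str) -> list[str]:
    """All principals that could have produced `mapped` in an audit record.

    More than one result means the substitution is ambiguous for that name:
    two different LDAP uids end up as the same asserted identity.
    """
    out = []
    pos = mapped.find(MARKER)
    while pos != -1:
        out.append(mapped[:pos] + "@" + mapped[pos + len(MARKER):])
        pos = mapped.find(MARKER, pos + 1)  # step by 1 to catch overlaps
    return out


# Constructed sample uids, not taken from any real directory.
SAMPLES = [
    "bob@test.com",       # the case from the post
    "bob+hdfs@test.com",  # "+" is still outside the legal character set
    "1bob@test.com",      # a leading digit is still rejected
    "a_spe_b@c.com",      # already contains the marker text
    "a@b_spe_c.com",      # maps to the same name as the line above
]

if __name__ == "__main__":
    for uid in SAMPLES:
        mapped = assert_identity(uid)
        print(f"{uid:20} -> {mapped:22} legal={is_legal(mapped)!s:5} "
              f"audit={audit_candidates(mapped)}")
```

Running it over a directory export before enabling the mapping shows which uids still fail the pattern and which ones collide after substitution.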