I defined a list of users in LDAP; uid = user's email address.
So I tried to use this email as the username to access WebHDFS. It doesn't work because the "@" character is an illegal argument.
Legal argument: ^[A-Za-z_][A-Za-z0-9._-]*[$]?$
Then I used the Identity Assertion Provider [Regex] to change the user identity: I replace the "@" character with "_spe_".
It works but there are three issues:
- In Ranger it is very difficult to have a clean data audit: in my LDAP I have an email address (email@example.com) and in Ranger I have (bob_spe_test.com),
- My Ranger is also synchronised with LDAP. How could Ranger check in LDAP the user bob_spe_test.com to authorize my real user firstname.lastname@example.org?
- All my services applied this rule (Identity Assertion Provider).
- I suppose I could define this provider only for WebHDFS. How can I do this? In the rewrite.xml file? It is not documented; I need some advice for this provider.
- Is there another way to use an email address as a username?
Thank you for your help.
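
The user name check and the "@" to "_spe_" rewrite described in the post, as an added example that is not part of the original post or of Knox, WebHDFS or Ranger: it validates names against the quoted pattern, reverses the rewrite so an audit entry can be matched back to its LDAP uid, and flags uids that collapse onto the same asserted identity. The function names and the sample uids are constructed for illustration.

```python
import re

# Pattern quoted in the post as the legal user name form.
LEGAL_USER = re.compile(r"^[A-Za-z_][A-Za-z0-9._-]*[$]?$")
MARKER = "_spe_"  # replacement string used in the post

def is_legal(name):
    return LEGAL_USER.match(name) is not None

def to_hadoop_name(uid):
    """Apply the rewrite from the post: '@' becomes '_spe_'."""
    return uid.replace("@", MARKER)

def to_ldap_uid(name):
    """Reverse the rewrite so an audit entry can be matched to its LDAP uid.
    Only unambiguous when the marker occurs exactly once."""
    if name.count(MARKER) != 1:
        raise ValueError(f"cannot reverse unambiguously: {name!r}")
    return name.replace(MARKER, "@")

def find_collisions(uids):
    """Group LDAP uids that end up as the same asserted identity."""
    seen = {}
    for uid in uids:
        seen.setdefault(to_hadoop_name(uid), []).append(uid)
    return {k: v for k, v in seen.items() if len(v) > 1}

def audit(uids):
    """Return (uid, mapped, legal) rows plus any collisions."""
    rows = [(u, to_hadoop_name(u), is_legal(to_hadoop_name(u))) for u in uids]
    return rows, find_collisions(uids)

# Constructed sample directory entries (hypothetical, not from the post).
SAMPLE_UIDS = [
    "bob@test.com",
    "bob_spe_test.com",         # literal uid that collides with the one above
    "alice.smith@example.org",
    "9lives@example.org",       # still illegal after the rewrite: leading digit
]

if __name__ == "__main__":
    rows, collisions = audit(SAMPLE_UIDS)
    for uid, mapped, legal in rows:
        print(f"{uid:28} -> {mapped:32} legal={legal}")
    for mapped, sources in collisions.items():
        print(f"COLLISION {mapped}: {sources}")
```

Running the same check over an export of the real directory shows, before the rewrite is deployed, which uids would remain illegal and which would share one identity in authorization and audit records.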