
Identity Assertion [regex] in Apache Knox, Ranger


Hello,

I defined a list of users in LDAP; uid = user's email address. So, I tried to use this email as the username to access WebHDFS. It doesn't work because the "@" character is an illegal argument. Legal argument: ^[A-Za-z_][A-Za-z0-9._-]*[$]?$

Then, I used the Identity Assertion Provider [Regex] to change the user identity: I replace the "@" character with "_spe_". It works, but there are three issues:

- In Ranger it is very difficult to have a clean data audit: in my LDAP I have an email address (bob@test.com) and in Ranger I have (bob_spe_test.com).

- My Ranger is also synchronised with LDAP. How could Ranger check in LDAP the user bob_spe_test.com to authorize my real user bob@test.com?

- All my services apply this rule (Identity Assertion Provider).

Questions:

- I suppose I could define this provider only for WebHDFS. How can I do that? In the rewrite.xml file? It is not documented; I need some advice for this provider.

- Is there another way to use an email address as a username?

Thank you for your help.
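The rewrite described in the post above, as an added example that is not part of the original post and is not Knox or Ranger code: it checks names against the quoted legal-username pattern, applies the "@" to "_spe_" substitution, and builds a reverse index so an audited name can be traced back to LDAP uids. The function names and the sample directory are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Legal-username pattern quoted in the post.
LEGAL_USER = re.compile(r"^[A-Za-z_][A-Za-z0-9._-]*[$]?$")
TOKEN = "_spe_"  # replacement for "@" chosen in the post

def is_legal(name):
    # fullmatch so that a trailing newline cannot slip past "$"
    return LEGAL_USER.fullmatch(name) is not None

def assert_identity(uid):
    """Apply the post's '@' -> '_spe_' rewrite; reject names that stay illegal."""
    mapped = uid.replace("@", TOKEN)
    if not is_legal(mapped):
        raise ValueError(f"{uid!r} maps to illegal user name {mapped!r}")
    return mapped

def audit_index(ldap_uids):
    """Map each asserted name (as an audit record shows it) back to LDAP uids."""
    index = defaultdict(list)
    for uid in ldap_uids:
        index[assert_identity(uid)].append(uid)
    return dict(index)

def ambiguous(index):
    """Asserted names that more than one LDAP uid rewrites to."""
    return {name: uids for name, uids in index.items() if len(uids) > 1}

# Constructed sample directory; only bob@test.com appears in the post.
SAMPLE_UIDS = [
    "bob@test.com",
    "bob_spe_test.com",   # literal uid that collides with bob@test.com
    "alice@example.org",
    "a_spe_b@c.com",      # token already present in the local part
    "a@b_spe_c.com",      # token already present in the domain part
]

if __name__ == "__main__":
    idx = audit_index(SAMPLE_UIDS)
    for name, uids in sorted(idx.items()):
        print(name, "<-", uids)
    print("ambiguous:", ambiguous(idx))
```

An asserted name that appears in `ambiguous()` cannot be attributed to a single LDAP account from the audit record alone, which is the audit problem raised in the first issue.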
