Anyone have success with integrating FreeIPA with Ranger?
I have them sync-ed and it generally works, but I'm confused by the lack of attributes being shared by FreeIPA concerning Users.
I'm unclear if FreeIPA isnt sharing attributes (beyond the most basic) via the LDAP protocol or if Ranger is not setup to read/display/use them or both.
Any suggestions are greatly appreciated.
Mike
Mike Patterson via FreeIPA-users wrote:
Anyone have success with integrating FreeIPA with Ranger?
I have them sync-ed and it generally works, but I'm confused by the lack of attributes being shared by FreeIPA concerning Users.
I'm unclear if FreeIPA isnt sharing attributes (beyond the most basic) via the LDAP protocol or if Ranger is not setup to read/display/use them or both.
Any suggestions are greatly appreciated.
What is Ranger and how did you configure it against IPA? What attributes are visible and what isn't?
rob
Ranger: https://ranger.apache.org/
Basically, in the Ranger sync properties, the ldap bind settings are set, and it brings in group and user settings. It does that, but just not all of the attributes I'd expect, like employee information or many of the fields in the person object class. Thanks, Mike
On Wed, Jun 19, 2024 at 4:38 PM Rob Crittenden rcritten@redhat.com wrote:
Mike Patterson via FreeIPA-users wrote:
Anyone have success with integrating FreeIPA with Ranger?
I have them sync-ed and it generally works, but I'm confused by the lack
of attributes being shared by FreeIPA concerning Users.
I'm unclear if FreeIPA isnt sharing attributes (beyond the most basic)
via the LDAP protocol or if Ranger is not setup to read/display/use them or both.
Any suggestions are greatly appreciated.
What is Ranger and how did you configure it against IPA? What attributes are visible and what isn't?
rob
That site is pretty thin on actual details. Is there documentation for it?
What exactly are you seeing? There is apparently a sync log. Comparing that to the 389-ds logs might be useful.
At this point we don't know if Ranger is asking for values and not getting them or not asking at all.
How are you binding to IPA? Anonymous? A sysaccount user? An IPA POSIX user?
rob
Mike Patterson wrote:
Ranger: https://ranger.apache.org/
Basically, in the Ranger sync properties, the ldap bind settings are set, and it brings in group and user settings. It does that, but just not all of the attributes I'd expect, like employee information or many of the fields in the person object class. Thanks, Mike
On Wed, Jun 19, 2024 at 4:38 PM Rob Crittenden <rcritten@redhat.com mailto:rcritten@redhat.com> wrote:
Mike Patterson via FreeIPA-users wrote: > Anyone have success with integrating FreeIPA with Ranger? > > I have them sync-ed and it generally works, but I'm confused by the lack of attributes being shared by FreeIPA concerning Users. > > I'm unclear if FreeIPA isnt sharing attributes (beyond the most basic) via the LDAP protocol or if Ranger is not setup to read/display/use them or both. > > Any suggestions are greatly appreciated. What is Ranger and how did you configure it against IPA? What attributes are visible and what isn't? rob
freeipa-users@lists.fedorahosted.org