| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # |
| # The following URL should be the base URL for connecting to the policy manager web application |
| # For example: |
| # |
| # POLICY_MGR_URL = http://policymanager.xasecure.net:6080 |
| # |
| POLICY_MGR_URL = |
| |
| # sync source, only unix and ldap are supported at present |
| # defaults to unix |
| SYNC_SOURCE = |
| |
| |
| # |
| # Minumum Unix User-id to start SYNC. |
| # This should avoid creating UNIX system-level users in the Policy Manager |
| # |
| MIN_UNIX_USER_ID_TO_SYNC = 1000 |
| |
| # sync interval in minutes |
| # user, groups would be synced again at the end of each sync interval |
| # defaults to 5 if SYNC_SOURCE is unix |
| # defaults to 360 if SYNC_SOURCE is ldap |
| SYNC_INTERVAL = |
| |
| #User and group for the usersync process |
| unix_user=ranger |
| unix_group=ranger |
| |
| |
| # --------------------------------------------------------------- |
| # The following properties are relevant only if SYNC_SOURCE = ldap |
| # --------------------------------------------------------------- |
| |
| # URL of source ldap |
| # a sample value would be: ldap://ldap.example.com:389 |
| # Must specify a value if SYNC_SOURCE is ldap |
| SYNC_LDAP_URL = |
| |
| # ldap bind dn used to connect to ldap and query for users and groups |
| # a sample value would be cn=admin,ou=users,dc=hadoop,dc=apache,dc-org |
| # Must specify a value if SYNC_SOURCE is ldap |
| SYNC_LDAP_BIND_DN = |
| |
| # ldap bind password for the bind dn specified above |
| # please ensure read access to this file is limited to root, to protect the password |
| # Must specify a value if SYNC_SOURCE is ldap |
| # unless anonymous search is allowed by the directory on users and group |
| SYNC_LDAP_BIND_PASSWORD = |
| CRED_KEYSTORE_FILENAME=/usr/lib/xausersync/.jceks/xausersync.jceks |
| # search base for users |
| # sample value would be ou=users,dc=hadoop,dc=apache,dc=org |
| SYNC_LDAP_USER_SEARCH_BASE = |
| |
| # search scope for the users, only base, one and sub are supported values |
| # please customize the value to suit your deployment |
| # default value: sub |
| SYNC_LDAP_USER_SEARCH_SCOPE = sub |
| |
| # objectclass to identify user entries |
| # please customize the value to suit your deployment |
| # default value: person |
| SYNC_LDAP_USER_OBJECT_CLASS = person |
| |
| # optional additional filter constraining the users selected for syncing |
| # a sample value would be (dept=eng) |
| # please customize the value to suit your deployment |
| # default value is empty |
| SYNC_LDAP_USER_SEARCH_FILTER = |
| |
| # attribute from user entry that would be treated as user name |
| # please customize the value to suit your deployment |
| # default value: cn |
| SYNC_LDAP_USER_NAME_ATTRIBUTE = cn |
| |
| # attribute from user entry whose values would be treated as |
| # group values to be pushed into Policy Manager database |
| # You could provide multiple attribute names separated by comma |
| # default value: memberof, ismemberof |
| SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = memberof,ismemberof |
| # |
| # UserSync - Case Conversion Flags |
| # possible values: none, lower, upper |
| SYNC_LDAP_USERNAME_CASE_CONVERSION=lower |
| SYNC_LDAP_GROUPNAME_CASE_CONVERSION=lower |
| |
| #user sync log path |
| logdir=logs |
| #/var/log/ranger/usersync |