RANGER-1434: Enable Group Search First causes issues when Enable Group Sync is disabled - ranger-0.6 branch
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index 9552041..eac0073 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -684,6 +684,9 @@
} else {
groupSearchFirstEnabled = Boolean.valueOf(val);
}
+ if (isGroupSearchEnabled() == false) {
+ groupSearchFirstEnabled = false;
+ }
return groupSearchFirstEnabled;
}
diff --git a/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java b/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java
index 673a88e..c3c9f90 100644
--- a/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java
+++ b/ugsync/src/test/java/org/apache/ranger/usergroupsync/LdapUserGroupTest.java
@@ -304,6 +304,7 @@
config.setUserGroupMemberAttributeName("member");
config.setUserObjectClass("organizationalPerson");
config.setGroupObjectClass("groupOfNames");
+ config.setGroupSearchEnabled(true);
config.setGroupSearchFirstEnabled(true);
ldapBuilder.init();
PolicyMgrUserGroupBuilderTest sink = new PolicyMgrUserGroupBuilderTest();
@@ -322,6 +323,7 @@
config.setUserGroupMemberAttributeName("member");
config.setUserObjectClass("organizationalPerson");
config.setGroupObjectClass("groupOfNames");
+ config.setGroupSearchEnabled(true);
config.setGroupSearchFirstEnabled(true);
config.setUserSearchEnabled(true);
ldapBuilder.init();
@@ -341,6 +343,7 @@
config.setUserGroupMemberAttributeName("member");
config.setUserObjectClass("organizationalPerson");
config.setGroupObjectClass("groupOfNames");
+ config.setGroupSearchEnabled(true);
config.setGroupSearchFirstEnabled(true);
config.setUserSearchEnabled(true);
ldapBuilder.init();
@@ -359,6 +362,7 @@
config.setGroupSearchFilter("cn=*");
config.setUserObjectClass("organizationalPerson");
config.setGroupObjectClass("groupOfNames");
+ config.setGroupSearchEnabled(true);
config.setGroupSearchFirstEnabled(true);
config.setUserSearchEnabled(true);
ldapBuilder.init();
@@ -378,6 +382,7 @@
config.setUserGroupMemberAttributeName("member");
config.setUserObjectClass("organizationalPerson");
config.setGroupObjectClass("groupOfNames");
+ config.setGroupSearchEnabled(true);
config.setGroupSearchFirstEnabled(true);
config.setUserSearchEnabled(true);
ldapBuilder.init();
@@ -415,6 +420,7 @@
config.setUserGroupMemberAttributeName("member");
config.setUserObjectClass("organizationalPerson");
config.setGroupObjectClass("groupOfNames");
+ config.setGroupSearchEnabled(true);
config.setGroupSearchFirstEnabled(true);
config.setUserSearchEnabled(false);
ldapBuilder.init();
@@ -434,6 +440,7 @@
config.setUserGroupMemberAttributeName("member");
config.setUserObjectClass("organizationalPerson");
config.setGroupObjectClass("groupOfNames");
+ config.setGroupSearchEnabled(true);
config.setGroupSearchFirstEnabled(true);
config.setUserSearchEnabled(false);
ldapBuilder.init();
@@ -525,6 +532,7 @@
config.setUserGroupMemberAttributeName("member");
config.setUserObjectClass("organizationalPerson");
config.setGroupObjectClass("groupOfNames");
+ config.setGroupSearchEnabled(true);
config.setGroupSearchFirstEnabled(true);
config.setUserSearchEnabled(false);
ldapBuilder.init();
