unixauthservice/scripts/install.properties - ranger - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 #
 # The following URL should be the base URL for connecting to the policy manager web application
 # For example:
 #
 #  POLICY_MGR_URL = http://policymanager.xasecure.net:6080
 #
 POLICY_MGR_URL =

 # sync source,  only unix and ldap are supported at present
 # defaults to unix
 SYNC_SOURCE =


 #
 # Minumum Unix User-id to start SYNC.
 # This should avoid creating UNIX system-level users in the Policy Manager
 #
 MIN_UNIX_USER_ID_TO_SYNC = 500

 # sync interval in minutes
 # user, groups would be synced again at the end of each sync interval
 # defaults to 5   if SYNC_SOURCE is unix
 # defaults to 360 if SYNC_SOURCE is ldap
 SYNC_INTERVAL =

 #User and group for the usersync process
 unix_user=ranger
 unix_group=ranger

 #
 # The file where all credential is kept in cryptic format
 #
 CRED_KEYSTORE_FILENAME=/etc/ranger/usersync/conf/rangerusersync.jceks

 # ---------------------------------------------------------------
 # The following properties are relevant only if SYNC_SOURCE = ldap
 # ---------------------------------------------------------------

 # URL of source ldap
 # a sample value would be:  ldap://ldap.example.com:389
 # Must specify a value if SYNC_SOURCE is ldap
 SYNC_LDAP_URL =

 # ldap bind dn used to connect to ldap and query for users and groups
 # a sample value would be cn=admin,ou=users,dc=hadoop,dc=apache,dc-org
 # Must specify a value if SYNC_SOURCE is ldap
 SYNC_LDAP_BIND_DN =

 # ldap bind password for the bind dn specified above
 # please ensure read access to this file  is limited to root, to protect the password
 # Must specify a value if SYNC_SOURCE is ldap
 # unless anonymous search is allowed by the directory on users and group
 SYNC_LDAP_BIND_PASSWORD =

 # search base for users and groups
 # sample value would be dc=hadoop,dc=apache,dc=org
 SYNC_LDAP_SEARCH_BASE =

 # search base for users
 # sample value would be ou=users,dc=hadoop,dc=apache,dc=org
 # overrides value specified in SYNC_LDAP_SEARCH_BASE
 SYNC_LDAP_USER_SEARCH_BASE =

 # search scope for the users, only base, one and sub are supported values
 # please customize the value to suit your deployment
 # default value: sub
 SYNC_LDAP_USER_SEARCH_SCOPE = sub

 # objectclass to identify user entries
 # please customize the value to suit your deployment
 # default value: person
 SYNC_LDAP_USER_OBJECT_CLASS = person

 # optional additional filter constraining the users selected for syncing
 # a sample value would be (dept=eng)
 # please customize the value to suit your deployment
 # default value is empty
 SYNC_LDAP_USER_SEARCH_FILTER =

 # attribute from user entry that would be treated as user name
 # please customize the value to suit your deployment
 # default value: cn
 SYNC_LDAP_USER_NAME_ATTRIBUTE = cn

 # attribute from user entry whose values would be treated as
 # group values to be pushed into Policy Manager database
 # You could provide multiple attribute names separated by comma
 # default value: memberof, ismemberof
 SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = memberof,ismemberof
 #
 # UserSync - Case Conversion Flags
 # possible values:  none, lower, upper
 SYNC_LDAP_USERNAME_CASE_CONVERSION=lower
 SYNC_LDAP_GROUPNAME_CASE_CONVERSION=lower

 #user sync log path
 logdir=logs
 #/var/log/ranger/usersync

 # do we want to do ldapsearch to find groups instead of relying on user entry attributes
 # valid values: true, false
 # any value other than true would be treated as false
 # default value: false
 SYNC_GROUP_SEARCH_ENABLED=

 # do we want to do ldapsearch to find groups instead of relying on user entry attributes and
 # sync memberships of those groups
 # valid values: true, false
 # any value other than true would be treated as false
 # default value: false
 SYNC_GROUP_USER_MAP_SYNC_ENABLED=

 # search base for groups
 # sample value would be ou=groups,dc=hadoop,dc=apache,dc=org
 # overrides value specified in SYNC_LDAP_SEARCH_BASE,  SYNC_LDAP_USER_SEARCH_BASE
 # if a value is not specified, takes the value of  SYNC_LDAP_SEARCH_BASE
 # if  SYNC_LDAP_SEARCH_BASE is also not specified, takes the value of SYNC_LDAP_USER_SEARCH_BASE
 SYNC_GROUP_SEARCH_BASE=

 # search scope for the groups, only base, one and sub are supported values
 # please customize the value to suit your deployment
 # default value: sub
 SYNC_GROUP_SEARCH_SCOPE=

 # objectclass to identify group entries
 # please customize the value to suit your deployment
 # default value: groupofnames
 SYNC_GROUP_OBJECT_CLASS=

 # optional additional filter constraining the groups selected for syncing
 # a sample value would be (dept=eng)
 # please customize the value to suit your deployment
 # default value is empty
 SYNC_LDAP_GROUP_SEARCH_FILTER=

 # attribute from group entry that would be treated as group name
 # please customize the value to suit your deployment
 # default value: cn
 SYNC_GROUP_NAME_ATTRIBUTE=

 # attribute from group entry that is list of members
 # please customize the value to suit your deployment
 # default value: member
 SYNC_GROUP_MEMBER_ATTRIBUTE_NAME=

 # do we want to use paged results control during ldapsearch for user entries
 # valid values: true, false
 # any value other than true would be treated as false
 # default value: true
 # if the value is false, typical AD would return would not returm more than 1000 entries
 SYNC_PAGED_RESULTS_ENABLED=

 # page size for paged results control
 # search results would be returned page by page with the specified number of entries per page
 # default value: 500
 SYNC_PAGED_RESULTS_SIZE=
 #LDAP context referral could be ignore or follow
 SYNC_LDAP_REFERRAL =ignore
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	#
	# The following URL should be the base URL for connecting to the policy manager web application
	# For example:
	#
	# POLICY_MGR_URL = http://policymanager.xasecure.net:6080
	#
	POLICY_MGR_URL =

	# sync source, only unix and ldap are supported at present
	# defaults to unix
	SYNC_SOURCE =


	#
	# Minumum Unix User-id to start SYNC.
	# This should avoid creating UNIX system-level users in the Policy Manager
	#
	MIN_UNIX_USER_ID_TO_SYNC = 500

	# sync interval in minutes
	# user, groups would be synced again at the end of each sync interval
	# defaults to 5 if SYNC_SOURCE is unix
	# defaults to 360 if SYNC_SOURCE is ldap
	SYNC_INTERVAL =

	#User and group for the usersync process
	unix_user=ranger
	unix_group=ranger

	#
	# The file where all credential is kept in cryptic format
	#
	CRED_KEYSTORE_FILENAME=/etc/ranger/usersync/conf/rangerusersync.jceks

	# ---------------------------------------------------------------
	# The following properties are relevant only if SYNC_SOURCE = ldap
	# ---------------------------------------------------------------

	# URL of source ldap
	# a sample value would be: ldap://ldap.example.com:389
	# Must specify a value if SYNC_SOURCE is ldap
	SYNC_LDAP_URL =

	# ldap bind dn used to connect to ldap and query for users and groups
	# a sample value would be cn=admin,ou=users,dc=hadoop,dc=apache,dc-org
	# Must specify a value if SYNC_SOURCE is ldap
	SYNC_LDAP_BIND_DN =

	# ldap bind password for the bind dn specified above
	# please ensure read access to this file is limited to root, to protect the password
	# Must specify a value if SYNC_SOURCE is ldap
	# unless anonymous search is allowed by the directory on users and group
	SYNC_LDAP_BIND_PASSWORD =

	# search base for users and groups
	# sample value would be dc=hadoop,dc=apache,dc=org
	SYNC_LDAP_SEARCH_BASE =

	# search base for users
	# sample value would be ou=users,dc=hadoop,dc=apache,dc=org
	# overrides value specified in SYNC_LDAP_SEARCH_BASE
	SYNC_LDAP_USER_SEARCH_BASE =

	# search scope for the users, only base, one and sub are supported values
	# please customize the value to suit your deployment
	# default value: sub
	SYNC_LDAP_USER_SEARCH_SCOPE = sub

	# objectclass to identify user entries
	# please customize the value to suit your deployment
	# default value: person
	SYNC_LDAP_USER_OBJECT_CLASS = person

	# optional additional filter constraining the users selected for syncing
	# a sample value would be (dept=eng)
	# please customize the value to suit your deployment
	# default value is empty
	SYNC_LDAP_USER_SEARCH_FILTER =

	# attribute from user entry that would be treated as user name
	# please customize the value to suit your deployment
	# default value: cn
	SYNC_LDAP_USER_NAME_ATTRIBUTE = cn

	# attribute from user entry whose values would be treated as
	# group values to be pushed into Policy Manager database
	# You could provide multiple attribute names separated by comma
	# default value: memberof, ismemberof
	SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = memberof,ismemberof
	#
	# UserSync - Case Conversion Flags
	# possible values: none, lower, upper
	SYNC_LDAP_USERNAME_CASE_CONVERSION=lower
	SYNC_LDAP_GROUPNAME_CASE_CONVERSION=lower

	#user sync log path
	logdir=logs
	#/var/log/ranger/usersync

	# do we want to do ldapsearch to find groups instead of relying on user entry attributes
	# valid values: true, false
	# any value other than true would be treated as false
	# default value: false
	SYNC_GROUP_SEARCH_ENABLED=

	# do we want to do ldapsearch to find groups instead of relying on user entry attributes and
	# sync memberships of those groups
	# valid values: true, false
	# any value other than true would be treated as false
	# default value: false
	SYNC_GROUP_USER_MAP_SYNC_ENABLED=

	# search base for groups
	# sample value would be ou=groups,dc=hadoop,dc=apache,dc=org
	# overrides value specified in SYNC_LDAP_SEARCH_BASE, SYNC_LDAP_USER_SEARCH_BASE
	# if a value is not specified, takes the value of SYNC_LDAP_SEARCH_BASE
	# if SYNC_LDAP_SEARCH_BASE is also not specified, takes the value of SYNC_LDAP_USER_SEARCH_BASE
	SYNC_GROUP_SEARCH_BASE=

	# search scope for the groups, only base, one and sub are supported values
	# please customize the value to suit your deployment
	# default value: sub
	SYNC_GROUP_SEARCH_SCOPE=

	# objectclass to identify group entries
	# please customize the value to suit your deployment
	# default value: groupofnames
	SYNC_GROUP_OBJECT_CLASS=

	# optional additional filter constraining the groups selected for syncing
	# a sample value would be (dept=eng)
	# please customize the value to suit your deployment
	# default value is empty
	SYNC_LDAP_GROUP_SEARCH_FILTER=

	# attribute from group entry that would be treated as group name
	# please customize the value to suit your deployment
	# default value: cn
	SYNC_GROUP_NAME_ATTRIBUTE=

	# attribute from group entry that is list of members
	# please customize the value to suit your deployment
	# default value: member
	SYNC_GROUP_MEMBER_ATTRIBUTE_NAME=

	# do we want to use paged results control during ldapsearch for user entries
	# valid values: true, false
	# any value other than true would be treated as false
	# default value: true
	# if the value is false, typical AD would return would not returm more than 1000 entries
	SYNC_PAGED_RESULTS_ENABLED=

	# page size for paged results control
	# search results would be returned page by page with the specified number of entries per page
	# default value: 500
	SYNC_PAGED_RESULTS_SIZE=
	#LDAP context referral could be ignore or follow
	SYNC_LDAP_REFERRAL =ignore