quick ambari security question

[Aaron Cody <ac...@hexiscyber.com>]

hello
Is it correct to assume that if we configure Ambari to use an external LDAP server, that all web-app/REST call/user authentication/authorization will then be delegated to LDAP?

TIA

Re: quick ambari security question

[Yusaku Sako <yu...@hortonworks.com>]

For authentication, yes.
For authorization, Ambari does not map LDAP groups to roles currently.
For example, to give an LDAP user the admin privilege on Ambari, it
has to be explicitly set via the UI (or API); there's no way to say
"all users belonging to LDAP group hadoop-ops should automatically
become an Ambari admin", as of Ambari 1.6.1.

However, there's a plan to introduce a more comprehensive
authentication / authorization framework with better LDAP integration
as part of 1.7.0.

Yusaku

On Tue, Jul 8, 2014 at 12:17 PM, Aaron Cody <ac...@hexiscyber.com> wrote:
> hello
> Is it correct to assume that if we configure Ambari to use an external LDAP
> server, that all web-app/REST call/user authentication/authorization will
> then be delegated to LDAP?
>
> TIA
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.