You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Sandor Molnar (JIRA)" <ji...@apache.org> on 2017/12/19 10:17:00 UTC
[jira] [Comment Edited] (AMBARI-22667) Use internal LDAP
configuration values rather than ambari.properties values when accessing
the configured LDAP server
[ https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16296592#comment-16296592 ]
Sandor Molnar edited comment on AMBARI-22667 at 12/19/17 10:16 AM:
-------------------------------------------------------------------
[~rlevas]
Prior to 3.0.0 we included these properties (all that we are about to remove) in a MarkDown file (index.md) describing properties (name, default value, description) for its audience. I believe we should continue this going forward, right? If so, shall we do this under this task's umbrella or a new JIRA will be created?
I'm going to extend org.apache.ambari.server.ldap.domain.AmbariLdapConfigurationKeys with the following fields:
* defaultValue
* obsoletePropertyName (to keep track of the property name we had before in ambari.proerties)
* description
This way we will have the ability to modify the code which generates that .md file to include LDAP related configuration if we want to do this. Even if we did not want to do this I believe that these new fields are useful for any peers.
was (Author: smolnar):
[~rlevas]
Prior to 3.0.0 we included these properties (all that we are bout to remove) in a MarkDown file (index.md) describing properties (name, default value, description) for its audience. I believe we should continue this going forward, right? If so, shall we do this under this task's umbrella or a new JIRA will be created?
I'm going to extend org.apache.ambari.server.ldap.domain.AmbariLdapConfigurationKeys with the following fields:
* defaultValue
* obsoletePropertyName (to keep track of the property name we had before in ambari.proerties)
* description
This way we will have the ability to modify the code which generates that .md file to include LDAP related configuration if we want to do this. Even if we did not want to do this I believe that these new fields are useful for any peers.
> Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server
> ---------------------------------------------------------------------------------------------------------------------
>
> Key: AMBARI-22667
> URL: https://issues.apache.org/jira/browse/AMBARI-22667
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
> Affects Versions: 3.0.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Labels: ldap
> Fix For: 3.0.0
>
>
> Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server for LDAP sync and authentication.
> * Deprecate {{setup-ldap}} from the {{ambari-server}} script.
> ** Rather then perform any operations, alert user to configure LDAP integration from the Ambari UI
> * Lookup LDAP-specific properties from the Ambari configuration data under the "ldap-configuration" category.
> * Remove relevant properties from {{org.apache.ambari.server.configuration.Configuration}}
> ** ambari.ldap.isConfigured
> ** authentication.ldap.useSSL
> ** authentication.ldap.primaryUrl
> ** authentication.ldap.secondaryUrl
> ** authentication.ldap.baseDn
> ** authentication.ldap.bindAnonymously
> ** authentication.ldap.managerDn
> ** authentication.ldap.managerPassword
> ** authentication.ldap.dnAttribute
> ** authentication.ldap.usernameAttribute
> ** authentication.ldap.username.forceLowercase
> ** authentication.ldap.userBase
> ** authentication.ldap.userObjectClass
> ** authentication.ldap.groupBase
> ** authentication.ldap.groupObjectClass
> ** authentication.ldap.groupNamingAttr
> ** authentication.ldap.groupMembershipAttr
> ** authorization.ldap.adminGroupMappingRules
> ** authentication.ldap.userSearchFilter
> ** authentication.ldap.alternateUserSearchEnabled
> ** authentication.ldap.alternateUserSearchFilter
> ** authorization.ldap.groupSearchFilter
> ** authentication.ldap.referral
> ** authentication.ldap.pagination.enabled
> ** authentication.ldap.sync.userMemberReplacePattern
> ** authentication.ldap.sync.groupMemberReplacePattern
> ** authentication.ldap.sync.userMemberFilter
> ** authentication.ldap.sync.groupMemberFilter
> ** ldap.sync.username.collision.behavior
>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)