You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Krisztian Kasa (JIRA)" <ji...@apache.org> on 2018/10/16 13:05:00 UTC

[jira] [Comment Edited] (AMBARI-24781) Ambari setup-ldap: change group member default for IPA

    [ https://issues.apache.org/jira/browse/AMBARI-24781?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16651389#comment-16651389 ] 

Krisztian Kasa edited comment on AMBARI-24781 at 10/16/18 1:04 PM:
-------------------------------------------------------------------

* The storing settings in database issue was solved in AMBARI-24516
* Change the default value of "Group member attribute" for IPA to "member"
* Add --ldap-type option to choose the default values for missing options in cli mode



was (Author: kkasa):
* The storing settings in database issue was solved in AMBARI-24516
* Change the default value of "Group member attribute" for IPA to "member"
* Add --ldap-type option to choose the default values for missing options in cli mode
* The newly added option for "--ldap-sync-disable-endpoint-identification" should be defaulted to "true" to avoid issues with newer jdks.

> Ambari setup-ldap: change group member default for IPA
> ------------------------------------------------------
>
>                 Key: AMBARI-24781
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24781
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.7.1
>            Reporter: Kat Petre
>            Assignee: Krisztian Kasa
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.7.3
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> The new cli options we introduced in Ambari 2.7.1 seem to be causing some problems. Here's a few observations from the past couple of days putting together the Ambari 2.7.1 - IPA security labs.
>  - Even after encrypting passwords and persisting thekey, the ambari-server setup-ldap cli doesn't seem to store the previous settings in the database. 
>  - The ldap-type option seemed to cause a lot of grief and confusion for the cli users. Could we please document its behavior in the cli help menu (and let's add it to the docs, after we get clarity)? 
>  - The default options for IPA integration aren't quite working. Please see the IPA lab for the values we have to override to get a working group resolution (*User object class* and *Group member attribute*) [https://github.com/HortonworksUniversity/Security_Labs/blob/master/HDP-3.0-IPA.md#4-enable-ldap-for-ambari] 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)