You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2017/11/29 14:52:01 UTC

[jira] [Assigned] (AMBARI-20731) Automatic mapping of external users to Administrator does not work

     [ https://issues.apache.org/jira/browse/AMBARI-20731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Levas reassigned AMBARI-20731:
-------------------------------------

    Assignee: Robert Levas

> Automatic mapping of external users to Administrator does not work
> ------------------------------------------------------------------
>
>                 Key: AMBARI-20731
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20731
>             Project: Ambari
>          Issue Type: Bug
>    Affects Versions: 2.5.0
>            Reporter: Attila Kanto
>            Assignee: Robert Levas
>
> I have connected Ambari to external LDAP and synchronised users from there with the following commands: 
> {code}
> ambari-server setup-ldap \
> --ldap-url="10.0.3.138:389" \
> --ldap-secondary-url="10.0.1.54:389" \
> --ldap-ssl="false" \
> --ldap-user-class="person" \
> --ldap-user-attr="CN" \
> --ldap-group-class="group" \
> --ldap-group-attr="cn" \
> --ldap-member-attr="member" \
> --ldap-dn="distinguishName" \
> --ldap-base-dn="DC=ad,DC=hwx,DC=com" \
> --ldap-referral="follow" \
> --ldap-bind-anonym=false \
> --ldap-manager-dn="CN=Administrator,CN=Users,DC=ad,DC=hwx,DC=com" \
> --ldap-manager-password='*****!' \
> --ldap-save-settings
> ambari-server sync-ldap --all
> {code}
> I have also configured the admin group mapping, to sync users that are in a  certain LDAP group as Administrators. The propert what I have set up is described here: https://github.com/apache/ambari/blob/trunk/ambari-server/docs/configuration/index.md
>  
> |authorization.ldap.adminGroupMappingRules|A comma-separate list of groups which would give a user administrative access to Ambari when syncing from LDAP. This is only used when authorization.ldap.groupSearchFilter is blank.
> The following are examples of valid values:
> administrators
> Hadoop Admins,Hadoop Admins.*,DC Admins,.*Hadoop Operators|
> Unfortunately the authorization.ldap.adminGroupMappingRule configuration does not work and the users are not synchronized as Administrators into Ambari.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)