Posted to issues@ambari.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/01/09 19:52:00 UTC

[jira] [Commented] (AMBARI-22667) Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server

    [ https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16319032#comment-16319032 ] 

ASF GitHub Bot commented on AMBARI-22667:
-----------------------------------------

smolnar82 opened a new pull request #77: AMBARI-22667: Use internal LDAP configuration values rather than ambari.properties
URL: https://github.com/apache/ambari/pull/77
 
 
   @rlevas @zeroflag @echekanskiy 
   
   Local build result:
   
   [INFO] ------------------------------------------------------------------------
   [INFO] BUILD SUCCESS
   [INFO] ------------------------------------------------------------------------
   [INFO] Total time: 33:51 min
   [INFO] Finished at: 2018-01-09T16:35:33+01:00
   [INFO] Final Memory: 215M/897M
   [INFO] ------------------------------------------------------------------------
   
   
   Besides updating the unit tests I also conducted integration tests against a sample LDAP server (ldap.forumsys.com:389):
   - uid=boyle with proper credentials (password=password) was able to use the API; retrieved HTTP response code of 200
   - uid=boyle with wrong credentials (password!=password) was not able to use the API; retrieved HTTP response code of 403
   
   Continuously checked ambari-server.log to see if LDAP configuration is loaded/reloaded from the DB.
   



> Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-22667
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22667
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 3.0.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>              Labels: ldap
>             Fix For: 3.0.0
>
>
> Use internal LDAP configuration values rather than ambari.properties values when accessing the configured LDAP server for LDAP sync and authentication. 
> * Deprecate {{setup-ldap}} from the {{ambari-server}} script.  
> ** Rather than perform any operations, alert user to configure LDAP integration from the Ambari UI
> * Lookup LDAP-specific properties from the Ambari configuration data under the "ldap-configuration" category.
> * Remove relevant properties from {{org.apache.ambari.server.configuration.Configuration}}
> ** ambari.ldap.isConfigured
> ** authentication.ldap.useSSL
> ** authentication.ldap.primaryUrl
> ** authentication.ldap.secondaryUrl
> ** authentication.ldap.baseDn
> ** authentication.ldap.bindAnonymously
> ** authentication.ldap.managerDn
> ** authentication.ldap.managerPassword
> ** authentication.ldap.dnAttribute
> ** authentication.ldap.usernameAttribute
> ** authentication.ldap.username.forceLowercase
> ** authentication.ldap.userBase
> ** authentication.ldap.userObjectClass
> ** authentication.ldap.groupBase
> ** authentication.ldap.groupObjectClass
> ** authentication.ldap.groupNamingAttr
> ** authentication.ldap.groupMembershipAttr
> ** authorization.ldap.adminGroupMappingRules
> ** authentication.ldap.userSearchFilter
> ** authentication.ldap.alternateUserSearchEnabled
> ** authentication.ldap.alternateUserSearchFilter
> ** authorization.ldap.groupSearchFilter
> ** authentication.ldap.referral
> ** authentication.ldap.pagination.enabled
> ** authentication.ldap.sync.userMemberReplacePattern
> ** authentication.ldap.sync.groupMemberReplacePattern
> ** authentication.ldap.sync.userMemberFilter
> ** authentication.ldap.sync.groupMemberFilter
> ** ldap.sync.username.collision.behavior
>  


