Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2017/11/29 14:52:01 UTC
[jira] [Commented] (AMBARI-20731) Automatic mapping of external users to Administrator does not work
[ https://issues.apache.org/jira/browse/AMBARI-20731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16270888#comment-16270888 ]
Robert Levas commented on AMBARI-20731:
---------------------------------------
This is possibly related to and maybe a duplicate of AMBARI-21873.
> Automatic mapping of external users to Administrator does not work
> ------------------------------------------------------------------
>
> Key: AMBARI-20731
> URL: https://issues.apache.org/jira/browse/AMBARI-20731
> Project: Ambari
> Issue Type: Bug
> Affects Versions: 2.5.0
> Reporter: Attila Kanto
> Assignee: Robert Levas
>
> I have connected Ambari to external LDAP and synchronised users from there with the following commands:
> {code}
> ambari-server setup-ldap \
> --ldap-url="10.0.3.138:389" \
> --ldap-secondary-url="10.0.1.54:389" \
> --ldap-ssl="false" \
> --ldap-user-class="person" \
> --ldap-user-attr="CN" \
> --ldap-group-class="group" \
> --ldap-group-attr="cn" \
> --ldap-member-attr="member" \
> --ldap-dn="distinguishName" \
> --ldap-base-dn="DC=ad,DC=hwx,DC=com" \
> --ldap-referral="follow" \
> --ldap-bind-anonym=false \
> --ldap-manager-dn="CN=Administrator,CN=Users,DC=ad,DC=hwx,DC=com" \
> --ldap-manager-password='*****!' \
> --ldap-save-settings
> ambari-server sync-ldap --all
> {code}
> I have also configured the admin group mapping, to sync users that are in a certain LDAP group as Administrators. The property that I have set up is described here: https://github.com/apache/ambari/blob/trunk/ambari-server/docs/configuration/index.md
>
> |authorization.ldap.adminGroupMappingRules|A comma-separated list of groups which would give a user administrative access to Ambari when syncing from LDAP. This is only used when authorization.ldap.groupSearchFilter is blank.
> The following are examples of valid values:
> administrators
> Hadoop Admins,Hadoop Admins.*,DC Admins,.*Hadoop Operators|
> Unfortunately the authorization.ldap.adminGroupMappingRule configuration does not work and the users are not synchronized as Administrators into Ambari.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)