You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2018/12/20 16:25:00 UTC
[jira] [Updated] (AMBARI-25062) Optionally execute the post user
creation hook on existing users during LDAP sync
[ https://issues.apache.org/jira/browse/AMBARI-25062?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Levas updated AMBARI-25062:
----------------------------------
Status: Patch Available (was: Open)
> Optionally execute the post user creation hook on existing users during LDAP sync
> ---------------------------------------------------------------------------------
>
> Key: AMBARI-25062
> URL: https://issues.apache.org/jira/browse/AMBARI-25062
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.8.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.8.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Optionally execute the post user creation hook on existing users during LDAP sync.
> The post user creation hook is executed on users when created or imported into Ambari. This hook is executed given the following criteria is met:
> # The post user creation hook is enabled (ambari.properties - {{ambari.post.user.creation.hook.enabled = true}}, default: {{false}})
> # The post user creation hook is set and available (ambari.properties - {{ambari.post.user.creation.hook = <path to script>}}, default: {{/var/lib/ambari-server/resources/scripts/post-user-creation-hook.sh}})
> # HDFS is installed and running.
> It is possible to have executed the LDAP sync process before all of the criteria has been met. Therefore, it would be beneficial to trigger the post user creation hook to be executed on these users when the criteria has been met.
> To do this, an optional property should be set on the LDAP sync request - {{post_process_existing_users}}. The {{post_process_existing_users}} property is part of a "spec" object and should be set to either "true" or "false", if set at all. If set to "true", the post user creation hook will be executed on all user's that come back from the LDAP query that also exist in the Ambari database as LDAP users.
> Example REST API calls:
> {noformat:title=Sync All Users and Groups}
> POST /api/v1/ldap_sync_events
> [
> {
> "Event": {
> "specs": [
> {
> "principal_type": "users",
> "sync_type": "all",
> "post_process_existing_users" : "true"
> },
> {
> "principal_type": "groups",
> "sync_type": "all",
> "post_process_existing_users" : "true"
> }
> ]
> }
> }
> ]
> {noformat}
> {noformat:title=Sync Specific Users}
> POST /api/v1/ldap_sync_events
> [
> {
> "Event": {
> "specs": [
> {
> "principal_type": "users",
> "sync_type": "specific",
> "names" : "user1, user2, user3",
> "post_process_existing_users" : "true"
> }
> ]
> }
> }
> ]
> {noformat}
> {noformat:title=Sync Specific Groups}
> POST /api/v1/ldap_sync_events
> [
> {
> "Event": {
> "specs": [
> {
> "principal_type": "groups",
> "sync_type": "specific",
> "names" : "hadoop_users, hadoop_admins",
> "post_process_existing_users" : "true"
> }
> ]
> }
> }
> ]
> {noformat}
> Using the Ambari sync-ldap CLI, an optional argument named "--post-process-existing-users" may be added to enable this feature.
> Example CLI calls:
> {noformat:title=Sync All Users and Groups}
> ambari-server sync-ldap --all --post-process-existing-users
> {noformat}
> {noformat:title=Sync Specific Users}
> ambari-server sync-ldap --users users.txt --post-process-existing-users
> {noformat}
> {noformat:title=Sync Specific Groups}
> ambari-server sync-ldap --groups groups.txt --post-process-existing-users
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)