Posted to dev@ambari.apache.org by "Sumit Mohanty (JIRA)" <ji...@apache.org> on 2014/07/31 01:43:40 UTC

[jira] [Commented] (AMBARI-6689) Views : Admin - LDAP Support

    [ https://issues.apache.org/jira/browse/AMBARI-6689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14080215#comment-14080215 ] 

Sumit Mohanty commented on AMBARI-6689:
---------------------------------------

LGTM, +1

> Views : Admin - LDAP Support
> ----------------------------
>
>                 Key: AMBARI-6689
>                 URL: https://issues.apache.org/jira/browse/AMBARI-6689
>             Project: Ambari
>          Issue Type: Task
>          Components: controller
>    Affects Versions: 1.7.0
>            Reporter: Siddharth Wagle
>            Assignee: Siddharth Wagle
>             Fix For: 1.7.0
>
>         Attachments: AMBARI-6689.patch
>
>
> The existing LDAP integration should be fully supported as well as some new requirements.
> USERS
> It should be possible to sync users from an external LDAP.
>     Sync LDAP users into Ambari DB (local) users. TBD, how to limit what LDAP users get imported?
>     Sync username, flag as ldap=true
>     Do NOT sync any password information (no LDAP user password info should be stored in Ambari DB)
>     If the user is ldap=true, perform auth against external LDAP (as we do together). Otherwise, for a local user, perform auth against local user password
>     If local user, ability to set/change user password (by the user and by "ambari admin"s)
>     Add a property to users (whether local or ldap=true) that active=true. This would give the ambari admin an ability to keep a user in the ambari system but disable their login. This is very useful when you want to lock out a user w/o having to delete the user or remove all their perms.
> Regardless of whether a user is local or LDAP, the user privilege mappings are handled in Ambari and stored in the Ambari DB.
> GROUPS
> It should be possible to sync groups and group membership from an external LDAP.
>     Sync LDAP groups into Ambari DB (local) groups. TBD, how to limit what groups get imported?
>     Sync the name and user membership
>     Support local groups and ldap=true groups
>     A group (local or ldap) can contain both local and ldap users.



--
This message was sent by Atlassian JIRA
(v6.2#6252)