You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2016/10/21 18:59:58 UTC

[jira] [Created] (AMBARI-18664) While syncing with LDAP, username collisions should be handled based on configuration value

Robert Levas created AMBARI-18664:
-------------------------------------

             Summary: While syncing with LDAP, username collisions should be handled based on configuration value
                 Key: AMBARI-18664
                 URL: https://issues.apache.org/jira/browse/AMBARI-18664
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.0.0
            Reporter: Robert Levas
            Assignee: Eugene Chekanskiy
             Fix For: 2.4.2


While syncing with LDAP, username collisions should be handled based on an LDAP sync configuration value.

The configuration options should be to indicate the following behaviors
* convert 
** convert the existing (non-LDAP user) user to an LDAP user
** This is the existing behavior
* skip
** skip or ignore the collision, leaving the existing user unchanged
** a new user record should not be created

Note: Future behavior may be to cause the sync operation to fail, but that shouldn't be handed yet.

This configuration value should be set when setting up LDAP sync properties via {{ambari-server setup-ldap}} and be enforced when processing the sync operation in methods like {{org.apache.ambari.server.controller.AmbariManagementControllerImpl#synchronizeLdapUsersAndGroups}} or {{org.apache.ambari.server.security.authorization.Users#processLdapSync}}.





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)