Posted to issues@ambari.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/12/10 08:55:00 UTC

[jira] [Updated] (AMBARI-25018) setup-ldap can not be executed non-interactively when using SSL without custom TrustStore

     [ https://issues.apache.org/jira/browse/AMBARI-25018?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

ASF GitHub Bot updated AMBARI-25018:
------------------------------------
    Labels: pull-request-available  (was: )

> setup-ldap can not be executed non-interactively when using SSL without custom TrustStore
> -----------------------------------------------------------------------------------------
>
>                 Key: AMBARI-25018
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25018
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.8.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.8.0
>
>
> We should provide a way for our end user to execute {{ambari-server setup-ldap}} in a non-interactive way (i.e. all answers are provided by command line options).
> This is not the case when we would like to set up a secure LDAP (SSL is set to true) but we do not want to use a custom trust store. In this case the following question(s) are being asked:
> 1. Do you want to provide custom TrustStore for Ambari?
> 2. Optionally: if a custom trust store was set previously, the tool displays the earlier configuration and asks the following: Do you want to remove these properties?
> Sample run:
> {code:java}
> [root@c7401 ~]# ambari-server setup-ldap --ambari-admin-username=admin --ambari-admin-password=admin --ldap-url=ad-nano.qe.hortonworks.com:636 --ldap-secondary-url=: --ldap-user-class=user --ldap-user-attr=sAMAccountName --ldap-group-class=group --ldap-group-attr=cn --ldap-member-attr=member --ldap-dn=distinguishedName --ldap-base-dn=CN=Users,DC=hwqe,DC=hortonworks,DC=com --ldap-bind-anonym=false --ldap-manager-dn=cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com --ldap-manager-password=TestUser123 --ldap-referral=follow --ldap-sync-username-collisions-behavior=skip --ldap-force-lowercase-usernames=false --ldap-pagination-enabled=false --ldap-ssl=true --ldap-sync-disable-endpoint-identification=true --ldap-force-setup --ldap-save-settings --ldap-enabled-ambari=true --ldap-manage-services=true --ldap-enabled-services=* --ldap-user-group-member-attr=myMemberOf
> Using python  /usr/bin/python
> Fetching LDAP configuration from DB.
> Primary LDAP Host (ad-nano.qe.hortonworks.com): 
> Primary LDAP Port (636): 
> Secondary LDAP Host <Optional>: 
> Secondary LDAP Port <Optional>: 
> Use SSL [true/false] (true): 
> Disable endpoint identification during SSL handshake [true/false] (true): 
> Do you want to provide custom TrustStore for Ambari [y/n] (y)?n
> The TrustStore is already configured: 
>   ssl.trustStore.type = jks
>   ssl.trustStore.path = /tmp/ambari-server-truststore
>   ssl.trustStore.password = keystore
> Do you want to remove these properties [y/n] (y)? y
> User object class (user): 
> User ID attribute (sAMAccountName): 
> User group member attribute (myMemberOf): 
> Group object class (group): 
> Group name attribute (cn): 
> Group member attribute (member): 
> Distinguished name attribute (distinguishedName): 
> Search Base (CN=Users,DC=hwqe,DC=hortonworks,DC=com): 
> Referral method [follow/ignore] (follow): 
> Bind anonymously [true/false] (false): 
> Bind DN (cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com): 
> Enter Bind DN Password: 
> Confirm Bind DN Password: 
> Handling behavior for username collisions [convert/skip] for LDAP sync (skip): 
> Force lower-case user names [true/false] (false):
> Results from LDAP are paginated when requested [true/false] (false):
> ====================
> Review Settings
> ====================
> Primary LDAP Host (ad-nano.qe.hortonworks.com):  ad-nano.qe.hortonworks.com
> Primary LDAP Port (636):  636
> Use SSL [true/false] (true):  true
> User object class (user):  user
> User ID attribute (sAMAccountName):  sAMAccountName
> User group member attribute (myMemberOf):  myMemberOf
> Group object class (group):  group
> Group name attribute (cn):  cn
> Group member attribute (member):  member
> Distinguished name attribute (distinguishedName):  distinguishedName
> Search Base (CN=Users,DC=hwqe,DC=hortonworks,DC=com):  CN=Users,DC=hwqe,DC=hortonworks,DC=com
> Referral method [follow/ignore] (follow):  follow
> Bind anonymously [true/false] (false):  false
> Handling behavior for username collisions [convert/skip] for LDAP sync (skip):  skip
> Force lower-case user names [true/false] (false): false
> Results from LDAP are paginated when requested [true/false] (false): false
> ambari.ldap.connectivity.bind_dn: cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com
> ambari.ldap.connectivity.bind_password: *****
> ambari.ldap.advanced.disable_endpoint_identification: true
> ambari.ldap.manage_services: true
> ambari.ldap.enabled_services: *
> Saving LDAP properties...
> Saving LDAP properties finished
> Ambari Server 'setup-ldap' completed successfully.{code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)