You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Hari Sekhon (JIRA)" <ji...@apache.org> on 2018/06/06 16:24:00 UTC

[jira] [Created] (AMBARI-24045) Ambari schedule LDAP sync to occur periodically instead of requiring manual CLI command with admin creds

Hari Sekhon created AMBARI-24045:
------------------------------------

             Summary: Ambari schedule LDAP sync to occur periodically instead of requiring manual CLI command with admin creds
                 Key: AMBARI-24045
                 URL: https://issues.apache.org/jira/browse/AMBARI-24045
             Project: Ambari
          Issue Type: Improvement
          Components: ambari-server, security
    Affects Versions: 2.6.0
         Environment: HDP 2.6
            Reporter: Hari Sekhon


Request to add LDAP user/group sync scheduling to occur automatically periodically (eg. hourly) rather than requiring a manual external CLI ambari sync-ldap command which prompts for admin creds which is less safe to schedule (as it would require embedding admin creds somewhere and in secure audited environments without the generic 'admin' account this would mean some admin's personal credentials).

Right now Ambari is a sticking point in environments where everything is AD integrated as it is the only thing that doesn't pick up the new user in a group - it waits until one can find somebody with the right admin creds to grant a new admin access they should automatically inherit to Ambari via group memberships.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)