Posted to issues@ambari.apache.org by "Sandor Molnar (JIRA)" <ji...@apache.org> on 2018/12/07 14:23:00 UTC
[jira] [Created] (AMBARI-25018) setup-ldap can not be executed non-interactively when using SSL without custom TrustStore
Sandor Molnar created AMBARI-25018:
--------------------------------------
Summary: setup-ldap can not be executed non-interactively when using SSL without custom TrustStore
Key: AMBARI-25018
URL: https://issues.apache.org/jira/browse/AMBARI-25018
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.8.0
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Fix For: 2.8.0
We should provide a way for our end users to execute {{ambari-server setup-ldap}} in a non-interactive way (i.e. all answers are provided by command line options).
This is not the case when we would like to set up a secure LDAP (SSL is set to true) but we do not want to use a custom trust store. In this case the following question(s) are being asked:
1. Do you want to provide custom TrustStore for Ambari?
2. Optionally: if a custom trust store was set previously, the tool displays the earlier configuration and asks the following: Do you want to remove these properties?
Sample run:
{code:java}
[root@c7401 ~]# ambari-server setup-ldap --ambari-admin-username=admin --ambari-admin-password=admin --ldap-url=ad-nano.qe.hortonworks.com:636 --ldap-secondary-url=: --ldap-user-class=user --ldap-user-attr=sAMAccountName --ldap-group-class=group --ldap-group-attr=cn --ldap-member-attr=member --ldap-dn=distinguishedName --ldap-base-dn=CN=Users,DC=hwqe,DC=hortonworks,DC=com --ldap-bind-anonym=false --ldap-manager-dn=cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com --ldap-manager-password=TestUser123 --ldap-referral=follow --ldap-sync-username-collisions-behavior=skip --ldap-force-lowercase-usernames=false --ldap-pagination-enabled=false --ldap-ssl=true --ldap-sync-disable-endpoint-identification=true --ldap-force-setup --ldap-save-settings --ldap-enabled-ambari=true --ldap-manage-services=true --ldap-enabled-services=* --ldap-user-group-member-attr=myMemberOf
Using python /usr/bin/python
Fetching LDAP configuration from DB.
Primary LDAP Host (ad-nano.qe.hortonworks.com):
Primary LDAP Port (636):
Secondary LDAP Host <Optional>:
Secondary LDAP Port <Optional>:
Use SSL [true/false] (true):
Disable endpoint identification during SSL handshake [true/false] (true):
Do you want to provide custom TrustStore for Ambari [y/n] (y)?n
The TrustStore is already configured:
ssl.trustStore.type = jks
ssl.trustStore.path = /tmp/ambari-server-truststore
ssl.trustStore.password = keystore
Do you want to remove these properties [y/n] (y)? y
User object class (user):
User ID attribute (sAMAccountName):
User group member attribute (myMemberOf):
Group object class (group):
Group name attribute (cn):
Group member attribute (member):
Distinguished name attribute (distinguishedName):
Search Base (CN=Users,DC=hwqe,DC=hortonworks,DC=com):
Referral method [follow/ignore] (follow):
Bind anonymously [true/false] (false):
Bind DN (cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com):
Enter Bind DN Password:
Confirm Bind DN Password:
Handling behavior for username collisions [convert/skip] for LDAP sync (skip):
Force lower-case user names [true/false] (false):
Results from LDAP are paginated when requested [true/false] (false):
====================
Review Settings
====================
Primary LDAP Host (ad-nano.qe.hortonworks.com): ad-nano.qe.hortonworks.com
Primary LDAP Port (636): 636
Use SSL [true/false] (true): true
User object class (user): user
User ID attribute (sAMAccountName): sAMAccountName
User group member attribute (myMemberOf): myMemberOf
Group object class (group): group
Group name attribute (cn): cn
Group member attribute (member): member
Distinguished name attribute (distinguishedName): distinguishedName
Search Base (CN=Users,DC=hwqe,DC=hortonworks,DC=com): CN=Users,DC=hwqe,DC=hortonworks,DC=com
Referral method [follow/ignore] (follow): follow
Bind anonymously [true/false] (false): false
Handling behavior for username collisions [convert/skip] for LDAP sync (skip): skip
Force lower-case user names [true/false] (false): false
Results from LDAP are paginated when requested [true/false] (false): false
ambari.ldap.connectivity.bind_dn: cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com
ambari.ldap.connectivity.bind_password: *****
ambari.ldap.advanced.disable_endpoint_identification: true
ambari.ldap.manage_services: true
ambari.ldap.enabled_services: *
Saving LDAP properties...
Saving LDAP properties finished
Ambari Server 'setup-ldap' completed successfully.{code}