Posted to issues@ambari.apache.org by "Sandor Molnar (JIRA)" <ji...@apache.org> on 2018/12/07 14:23:00 UTC

[jira] [Created] (AMBARI-25018) setup-ldap can not be executed non-interactively when using SSL without custom TrustStore

Sandor Molnar created AMBARI-25018:
--------------------------------------

             Summary: setup-ldap can not be executed non-interactively when using SSL without custom TrustStore
                 Key: AMBARI-25018
                 URL: https://issues.apache.org/jira/browse/AMBARI-25018
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.8.0
            Reporter: Sandor Molnar
            Assignee: Sandor Molnar
             Fix For: 2.8.0


We should provide a way for our end users to execute {{ambari-server setup-ldap}} in a non-interactive way (i.e. all answers are provided by command line options).

This is not the case when we would like to set up a secure LDAP (SSL is set to true) but we do not want to use a custom trust store. In this case the following question(s) are being asked:
1. Do you want to provide custom TrustStore for Ambari?
2. Optionally: if a custom trust store was set previously, the tool displays the earlier configuration and asks the following: Do you want to remove these properties?

Sample run:
{code:java}
[root@c7401 ~]# ambari-server setup-ldap --ambari-admin-username=admin --ambari-admin-password=admin --ldap-url=ad-nano.qe.hortonworks.com:636 --ldap-secondary-url=: --ldap-user-class=user --ldap-user-attr=sAMAccountName --ldap-group-class=group --ldap-group-attr=cn --ldap-member-attr=member --ldap-dn=distinguishedName --ldap-base-dn=CN=Users,DC=hwqe,DC=hortonworks,DC=com --ldap-bind-anonym=false --ldap-manager-dn=cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com --ldap-manager-password=TestUser123 --ldap-referral=follow --ldap-sync-username-collisions-behavior=skip --ldap-force-lowercase-usernames=false --ldap-pagination-enabled=false --ldap-ssl=true --ldap-sync-disable-endpoint-identification=true --ldap-force-setup --ldap-save-settings --ldap-enabled-ambari=true --ldap-manage-services=true --ldap-enabled-services=* --ldap-user-group-member-attr=myMemberOf
Using python  /usr/bin/python

Fetching LDAP configuration from DB.
Primary LDAP Host (ad-nano.qe.hortonworks.com): 
Primary LDAP Port (636): 
Secondary LDAP Host <Optional>: 
Secondary LDAP Port <Optional>: 
Use SSL [true/false] (true): 
Disable endpoint identification during SSL handshake [true/false] (true): 
Do you want to provide custom TrustStore for Ambari [y/n] (y)?n
The TrustStore is already configured: 
  ssl.trustStore.type = jks
  ssl.trustStore.path = /tmp/ambari-server-truststore
  ssl.trustStore.password = keystore
Do you want to remove these properties [y/n] (y)? y
User object class (user): 
User ID attribute (sAMAccountName): 
User group member attribute (myMemberOf): 
Group object class (group): 
Group name attribute (cn): 
Group member attribute (member): 
Distinguished name attribute (distinguishedName): 
Search Base (CN=Users,DC=hwqe,DC=hortonworks,DC=com): 
Referral method [follow/ignore] (follow): 
Bind anonymously [true/false] (false): 
Bind DN (cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com): 
Enter Bind DN Password: 
Confirm Bind DN Password: 
Handling behavior for username collisions [convert/skip] for LDAP sync (skip): 
Force lower-case user names [true/false] (false):
Results from LDAP are paginated when requested [true/false] (false):
====================
Review Settings
====================
Primary LDAP Host (ad-nano.qe.hortonworks.com):  ad-nano.qe.hortonworks.com
Primary LDAP Port (636):  636
Use SSL [true/false] (true):  true
User object class (user):  user
User ID attribute (sAMAccountName):  sAMAccountName
User group member attribute (myMemberOf):  myMemberOf
Group object class (group):  group
Group name attribute (cn):  cn
Group member attribute (member):  member
Distinguished name attribute (distinguishedName):  distinguishedName
Search Base (CN=Users,DC=hwqe,DC=hortonworks,DC=com):  CN=Users,DC=hwqe,DC=hortonworks,DC=com
Referral method [follow/ignore] (follow):  follow
Bind anonymously [true/false] (false):  false
Handling behavior for username collisions [convert/skip] for LDAP sync (skip):  skip
Force lower-case user names [true/false] (false): false
Results from LDAP are paginated when requested [true/false] (false): false
ambari.ldap.connectivity.bind_dn: cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com
ambari.ldap.connectivity.bind_password: *****
ambari.ldap.advanced.disable_endpoint_identification: true
ambari.ldap.manage_services: true
ambari.ldap.enabled_services: *
Saving LDAP properties...
Saving LDAP properties finished
Ambari Server 'setup-ldap' completed successfully.{code}


