You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Laszlo Puskas (JIRA)" <ji...@apache.org> on 2017/09/05 09:20:00 UTC

[jira] [Comment Edited] (AMBARI-21873) Grant admin privileges to users belonging to specific LDAP groups during LDAP sync

    [ https://issues.apache.org/jira/browse/AMBARI-21873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16153345#comment-16153345 ] 

Laszlo Puskas edited comment on AMBARI-21873 at 9/5/17 9:19 AM:
----------------------------------------------------------------

Committed .

trunk
{code:none}
committer	lpuskas <lp...@apache.org>	
Tue, 5 Sep 2017 11:14:53 +0200 (11:14 +0200)
commit	cf264c6c86e1275c6af8daafb13f1ace862af41d
{code}

branch-2.6
{code: none}
committer	lpuskas <lp...@apache.org>	
Tue, 5 Sep 2017 11:03:46 +0200 (11:03 +0200)
commit	f452063a9648c8d9aa866fb1d79b12f3878e04ae
{code}


was (Author: lpuskas):
Committed .

trunk
```
committer	lpuskas <lp...@apache.org>	
Tue, 5 Sep 2017 11:14:53 +0200 (11:14 +0200)
commit	cf264c6c86e1275c6af8daafb13f1ace862af41d
```

branch-2.6
```
committer	lpuskas <lp...@apache.org>	
Tue, 5 Sep 2017 11:03:46 +0200 (11:03 +0200)
commit	f452063a9648c8d9aa866fb1d79b12f3878e04ae
```

> Grant admin privileges to users belonging to specific LDAP groups during LDAP sync
> ----------------------------------------------------------------------------------
>
>                 Key: AMBARI-21873
>                 URL: https://issues.apache.org/jira/browse/AMBARI-21873
>             Project: Ambari
>          Issue Type: Improvement
>          Components: ambari-server
>    Affects Versions: 2.5.0
>            Reporter: Laszlo Puskas
>            Assignee: Laszlo Puskas
>             Fix For: 2.6.0
>
>         Attachments: AMBARI-21873.branch-2.6.v1.patch, AMBARI-21873.trunk.v2.patch
>
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> This feature adds the possibility to handle users belonging to a defined LDAP groups as ambari administrators during the LDAP sync.
> The list of the groups that need to be considered is stored in the ambari property:
> {code:none}
> authorization.ldap.adminGroupMappingRules
> {code}
> The solution is to grant admin privileges to users belonging to these groups on LDPA sync.
> Warning:
> - changes in the LDAP group memberships will not be reflected in Ambari after the sync (eg.: administrator privileges won't be automatically revoked if users are removed from the groups listed in the property)
> - administrator privileges can be granted/removed by another administrator, thus these actions can interfere
> - if groups are not synced, this property is not taken into account
>  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)