You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Laszlo Puskas (JIRA)" <ji...@apache.org> on 2017/09/04 09:58:00 UTC
[jira] [Updated] (AMBARI-21873) Grant admin privileges to users
belonging to specific LDAP groups during LDAP sync
[ https://issues.apache.org/jira/browse/AMBARI-21873?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Laszlo Puskas updated AMBARI-21873:
-----------------------------------
Description:
This feature adds the possibility to handle users belonging to a defined LDAP groups as ambari administrators during the LDAP sync.
The list of the groups that need to be considered is stored in the ambari property:
{code:none}
authorization.ldap.adminGroupMappingRules
{code}
The solution is to grant admin privileges to users belonging to these groups on LDPA sync.
Warning:
- changes in the LDAP group memberships will not be reflected in Ambari after the sync (eg.: administrator privileges won't be automatically revoked if users are removed from the groups listed in the property)
- administrator privileges can be granted/removed by another administrator, thus these actions can interfere
- if groups are not synced, this property is nit taken into account
was:
This feature adds the possibility to handle users belonging to a defined LDAP groups as ambari administrators during the LDAP sync.
The list of the groups that need to be considered is stored in the ambari property:
{code:none}
authorization.ldap.adminGroupMappingRules
{code}
The solution is to grant admin privileges to users belonging to these groups on LDPA sync.
Warning:
- changes in the LDAP group memberships will not be reflected in Ambari after the sync (eg.: administrator privileges won't be automatically revoked if users are removed from the groups listed in the property)
- administrator privileges can be granted/removed by another administrator, thus these actions can interfere
> Grant admin privileges to users belonging to specific LDAP groups during LDAP sync
> ----------------------------------------------------------------------------------
>
> Key: AMBARI-21873
> URL: https://issues.apache.org/jira/browse/AMBARI-21873
> Project: Ambari
> Issue Type: Improvement
> Affects Versions: ambari-server
> Reporter: Laszlo Puskas
> Assignee: Laszlo Puskas
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> This feature adds the possibility to handle users belonging to a defined LDAP groups as ambari administrators during the LDAP sync.
> The list of the groups that need to be considered is stored in the ambari property:
> {code:none}
> authorization.ldap.adminGroupMappingRules
> {code}
> The solution is to grant admin privileges to users belonging to these groups on LDPA sync.
> Warning:
> - changes in the LDAP group memberships will not be reflected in Ambari after the sync (eg.: administrator privileges won't be automatically revoked if users are removed from the groups listed in the property)
> - administrator privileges can be granted/removed by another administrator, thus these actions can interfere
> - if groups are not synced, this property is nit taken into account
>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)