You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hari Sekhon (JIRA)" <ji...@apache.org> on 2018/06/06 16:24:00 UTC
[jira] [Updated] (AMBARI-24045) Ambari schedule LDAP user/group
sync to occur periodically instead of requiring manual CLI command with
admin creds
[ https://issues.apache.org/jira/browse/AMBARI-24045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hari Sekhon updated AMBARI-24045:
---------------------------------
Summary: Ambari schedule LDAP user/group sync to occur periodically instead of requiring manual CLI command with admin creds (was: Ambari schedule LDAP sync to occur periodically instead of requiring manual CLI command with admin creds)
> Ambari schedule LDAP user/group sync to occur periodically instead of requiring manual CLI command with admin creds
> -------------------------------------------------------------------------------------------------------------------
>
> Key: AMBARI-24045
> URL: https://issues.apache.org/jira/browse/AMBARI-24045
> Project: Ambari
> Issue Type: Improvement
> Components: ambari-server, security
> Affects Versions: 2.6.0
> Environment: HDP 2.6
> Reporter: Hari Sekhon
> Priority: Major
>
> Request to add LDAP user/group sync scheduling to occur automatically periodically (eg. hourly) rather than requiring a manual external CLI ambari sync-ldap command which prompts for admin creds which is less safe to schedule (as it would require embedding admin creds somewhere and in secure audited environments without the generic 'admin' account this would mean some admin's personal credentials).
> Right now Ambari is a sticking point in environments where everything is AD integrated as it is the only thing that doesn't pick up the new user in a group - it waits until one can find somebody with the right admin creds to grant a new admin access they should automatically inherit to Ambari via group memberships.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)