You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Aleksandr Kovalenko (JIRA)" <ji...@apache.org> on 2016/07/19 12:34:20 UTC
[jira] [Comment Edited] (AMBARI-17787) LDAPS must be used to
communicate with an Active Directory when Kerberos is being enabled (FE)
[ https://issues.apache.org/jira/browse/AMBARI-17787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15384085#comment-15384085 ]
Aleksandr Kovalenko edited comment on AMBARI-17787 at 7/19/16 12:33 PM:
------------------------------------------------------------------------
committed to trunk
was (Author: akovalenko):
committed to trukn
> LDAPS must be used to communicate with an Active Directory when Kerberos is being enabled (FE)
> ----------------------------------------------------------------------------------------------
>
> Key: AMBARI-17787
> URL: https://issues.apache.org/jira/browse/AMBARI-17787
> Project: Ambari
> Issue Type: Bug
> Components: ambari-web
> Affects Versions: 2.0.0
> Reporter: Aleksandr Kovalenko
> Assignee: Aleksandr Kovalenko
> Priority: Critical
> Fix For: trunk
>
> Attachments: AMBARI-17787.patch
>
>
> LDAPS must be used to communicate with an Active Directory when Kerberos is being enabled.
> This should be verified on input by the frontend to ensure that the proper channel is open between Ambari and the Active Directory so Ambari can set and update passwords when managing accounts in the Active Directory.
> The LDAP URL, {{kerberos-env/ldap_url}} field must have the protocol set to {{ldaps}} rather than {{ldap}} (or anything else). Ideally the port is set correctly, be we cannot validate that since the LDAPS port can be changed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)