You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Axton Grams (JIRA)" <ji...@apache.org> on 2018/07/05 20:10:00 UTC
[jira] [Commented] (AMBARI-24028) can't do ldap sync with ambari on
https
[ https://issues.apache.org/jira/browse/AMBARI-24028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16534089#comment-16534089 ]
Axton Grams commented on AMBARI-24028:
--------------------------------------
This patch corrects the issue. This should work with http, https, etc.
{code:java}
$ diff -ub /var/tmp/serverUtils.py /usr/lib/python2.6/site-packages/ambari_server/serverUtils.py
--- /var/tmp/serverUtils.py 2018-07-02 12:26:34.132318024 -0400
+++ /usr/lib/python2.6/site-packages/ambari_server/serverUtils.py 2018-07-02 12:28:13.395056225 -0400
@@ -20,6 +20,7 @@
import os
import time
+import socket
from ambari_commons.exceptions import FatalException, NonFatalException
from ambari_commons.logging_utils import get_verbose
from ambari_commons.os_family_impl import OsFamilyFuncImpl, OsFamilyImpl
@@ -31,7 +32,7 @@
# Ambari server API properties
-SERVER_API_HOST = '127.0.0.1'
+SERVER_API_HOST = socket.gethostname()
SERVER_API_PROTOCOL = 'http'
SERVER_API_SSL_PROTOCOL = 'https'
{code}
This article appears to be related:
* [https://community.hortonworks.com/questions/119756/ambari-server-sync-ldap-no-longer-working.html]
This appears to have appears in RHEL 7 to address [CVE-2014-9365|https://access.redhat.com/security/cve/CVE-2014-9365]
* See [https://access.redhat.com/articles/2039753]
It looks like someone patched a hole that Ambari's "ambari-server" CLI came to depend on.
> can't do ldap sync with ambari on https
> ---------------------------------------
>
> Key: AMBARI-24028
> URL: https://issues.apache.org/jira/browse/AMBARI-24028
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.6.0
> Reporter: Charles Hedrick
> Priority: Major
>
> I converted ambari to https. Then I tried to do ldap sync. Got an error that 127.0.0.1 didn't match my hostname. ldap sync starts by making a connection to the ambari server. That needs to done using https, which require the certificate the match the hostname. But by hardcoding 127.0.0.1 as the hostname, you generate a mismatch.
> in /usr/lib/python2.6/site-packages/ambari_server/serverUtils.py, SERVER_API_HOST needs to be computed, not hardwire. By hardwiring it to my hostname I got things to proceed.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)