You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Axton Grams (JIRA)" <ji...@apache.org> on 2018/07/05 20:10:00 UTC

[jira] [Commented] (AMBARI-24028) can't do ldap sync with ambari on https

    [ https://issues.apache.org/jira/browse/AMBARI-24028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16534089#comment-16534089 ] 

Axton Grams commented on AMBARI-24028:
--------------------------------------

This patch corrects the issue.  This should work with http, https, etc.

 
{code:java}
$ diff -ub /var/tmp/serverUtils.py /usr/lib/python2.6/site-packages/ambari_server/serverUtils.py
--- /var/tmp/serverUtils.py 2018-07-02 12:26:34.132318024 -0400
+++ /usr/lib/python2.6/site-packages/ambari_server/serverUtils.py 2018-07-02 12:28:13.395056225 -0400
@@ -20,6 +20,7 @@
import os
 import time
+import socket
 from ambari_commons.exceptions import FatalException, NonFatalException
 from ambari_commons.logging_utils import get_verbose
 from ambari_commons.os_family_impl import OsFamilyFuncImpl, OsFamilyImpl
@@ -31,7 +32,7 @@

 # Ambari server API properties
-SERVER_API_HOST = '127.0.0.1'
+SERVER_API_HOST = socket.gethostname()
 SERVER_API_PROTOCOL = 'http'
 SERVER_API_SSL_PROTOCOL = 'https'
{code}
This article appears to be related:
 * [https://community.hortonworks.com/questions/119756/ambari-server-sync-ldap-no-longer-working.html]

This appears to have appears in RHEL 7 to address [CVE-2014-9365|https://access.redhat.com/security/cve/CVE-2014-9365]
 * See [https://access.redhat.com/articles/2039753]

It looks like someone patched a hole that Ambari's "ambari-server" CLI came to depend on.

 

 

 

> can't do ldap sync with ambari on https
> ---------------------------------------
>
>                 Key: AMBARI-24028
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24028
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.6.0
>            Reporter: Charles Hedrick
>            Priority: Major
>
> I converted ambari to https. Then I tried to do ldap sync. Got an error that 127.0.0.1 didn't match my hostname. ldap sync starts by making a connection to the ambari server. That needs to done using https, which require the certificate the match the hostname. But by hardcoding 127.0.0.1 as the hostname, you generate a mismatch. 
> in /usr/lib/python2.6/site-packages/ambari_server/serverUtils.py, SERVER_API_HOST needs to be computed, not hardwire. By hardwiring it to my hostname I got things to proceed.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)