ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksandr Kovalenko (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-17787) LDAPS must be used to communicate with an Active Directory when Kerberos is being enabled (FE)
Date Tue, 19 Jul 2016 11:51:20 GMT
Aleksandr Kovalenko created AMBARI-17787:
--------------------------------------------

             Summary: LDAPS must be used to communicate with an Active Directory when Kerberos
is being enabled (FE)
                 Key: AMBARI-17787
                 URL: https://issues.apache.org/jira/browse/AMBARI-17787
             Project: Ambari
          Issue Type: Bug
          Components: ambari-web
    Affects Versions: 2.0.0
            Reporter: Aleksandr Kovalenko
            Assignee: Aleksandr Kovalenko
            Priority: Critical
             Fix For: trunk


LDAPS must be used to communicate with an Active Directory when Kerberos is being enabled.


This should be verified on input by the frontend to ensure that the proper channel is open
between Ambari and the Active Directory so Ambari can set and update passwords when managing
accounts in the Active Directory. 

The LDAP URL, {{kerberos-env/ldap_url}} field must have the protocol set to {{ldaps}} rather
than {{ldap}} (or anything else).  Ideally the port is set correctly, be we cannot validate
that since the LDAPS port can be changed. 




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message