Return-Path: <issues-return-19790-archive-asf-public=cust-asf.ponee.io@ambari.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 3B965200B49
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Tue, 19 Jul 2016 13:55:23 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 38B70160A89; Tue, 19 Jul 2016 11:55:23 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id ADF6D160A8C
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 19 Jul 2016 13:55:22 +0200 (CEST)
Received: (qmail 40413 invoked by uid 500); 19 Jul 2016 11:55:21 -0000
Mailing-List: contact issues-help@ambari.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@ambari.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@ambari.apache.org>
List-Post: <mailto:issues@ambari.apache.org>
List-Id: <issues.ambari.apache.org>
Reply-To: dev@ambari.apache.org
Delivered-To: mailing list issues@ambari.apache.org
Received: (qmail 40354 invoked by uid 99); 19 Jul 2016 11:55:21 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Jul 2016 11:55:21 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id AC4AB2C0D5C
	for <issues@ambari.apache.org>; Tue, 19 Jul 2016 11:55:20 +0000 (UTC)
Date: Tue, 19 Jul 2016 11:55:20 +0000 (UTC)
From: "Aleksandr Kovalenko (JIRA)" <jira@apache.org>
To: issues@ambari.apache.org
Message-ID: <JIRA.12990740.1468929023000.71270.1468929320703@Atlassian.JIRA>
In-Reply-To: <JIRA.12990740.1468929023000@Atlassian.JIRA>
References: <JIRA.12990740.1468929023000@Atlassian.JIRA> <JIRA.12990740.1468929023241@arcas>
Subject: [jira] [Updated] (AMBARI-17787) LDAPS must be used to communicate
 with an Active Directory when Kerberos is being enabled (FE)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Tue, 19 Jul 2016 11:55:23 -0000


     [ https://issues.apache.org/jira/browse/AMBARI-17787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aleksandr Kovalenko updated AMBARI-17787:
-----------------------------------------
    Status: Patch Available  (was: Open)

> LDAPS must be used to communicate with an Active Directory when Kerberos is being enabled (FE)
> ----------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-17787
>                 URL: https://issues.apache.org/jira/browse/AMBARI-17787
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-web
>    Affects Versions: 2.0.0
>            Reporter: Aleksandr Kovalenko
>            Assignee: Aleksandr Kovalenko
>            Priority: Critical
>             Fix For: trunk
>
>         Attachments: AMBARI-17787.patch
>
>
> LDAPS must be used to communicate with an Active Directory when Kerberos is being enabled. 
> This should be verified on input by the frontend to ensure that the proper channel is open between Ambari and the Active Directory so Ambari can set and update passwords when managing accounts in the Active Directory. 
> The LDAP URL, {{kerberos-env/ldap_url}} field must have the protocol set to {{ldaps}} rather than {{ldap}} (or anything else).  Ideally the port is set correctly, be we cannot validate that since the LDAPS port can be changed. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)