ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-18860) LDAPS must be used to communicate with an Active Directory when Kerberos is being enabled (BE)
Date Mon, 14 Nov 2016 12:33:58 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-18860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15663805#comment-15663805
] 

Hudson commented on AMBARI-18860:
---------------------------------

SUCCESS: Integrated in Jenkins build Ambari-branch-2.5 #314 (See [https://builds.apache.org/job/Ambari-branch-2.5/314/])
AMBARI-18860. LDAPS must be used to communicate with an Active Directory (vbrodetskyi: [http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=2fdd066cf9eb81025738d75a5b8a0f1e83e4e85b])
* (edit) ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java


> LDAPS must be used to communicate with an Active Directory when Kerberos is being enabled
(BE)
> ----------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-18860
>                 URL: https://issues.apache.org/jira/browse/AMBARI-18860
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Vitaly Brodetskyi
>            Assignee: Vitaly Brodetskyi
>             Fix For: 2.5.0
>
>         Attachments: AMBARI-18860.patch
>
>
> LDAPS must be used to communicate with an Active Directory when Kerberos is being enabled.
> This should be verified on input by the backend to ensure that the proper channel is
open between Ambari and the Active Directory so Ambari can set and update passwords when managing
accounts in the Active Directory.
> The LDAP URL, kerberos-env/ldap_url field must have the protocol set to ldaps rather
than ldap (or anything else). Ideally the port is set correctly, be we cannot validate that
since the LDAPS port can be changed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message