ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Laszlo Puskas (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-21873) Grant admin privileges to users belonging to specific LDAP groups during LDAP sync
Date Mon, 04 Sep 2017 09:55:00 GMT
Laszlo Puskas created AMBARI-21873:
--------------------------------------

             Summary: Grant admin privileges to users belonging to specific LDAP groups during
LDAP sync
                 Key: AMBARI-21873
                 URL: https://issues.apache.org/jira/browse/AMBARI-21873
             Project: Ambari
          Issue Type: Improvement
    Affects Versions: ambari-server
            Reporter: Laszlo Puskas
            Assignee: Laszlo Puskas


This feature adds the possibility to handle users belonging to a defined LDAP groups as ambari
administrators during the LDAP sync.

The list of the groups that need to be considered is stored in the ambari property:

{code:none}
authorization.ldap.adminGroupMappingRules
{code}

The solution is to grant admin privileges to users belonging to these groups on LDPA sync.

Warning:
- changes in the LDAP group memberships will not be reflected in Ambari after the sync (eg.:
administrator privileges won't be automatically revoked if users are removed from the groups
listed in the property)
- administrator privileges can be granted/removed by another administrator, thus these actions
can interfere

 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message