ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Laszlo Puskas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-21873) Grant admin privileges to users belonging to specific LDAP groups during LDAP sync
Date Tue, 05 Sep 2017 08:33:00 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-21873?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Laszlo Puskas updated AMBARI-21873:
-----------------------------------
    Attachment:     (was: AMBARI-21873.trunk.v1.patch)

> Grant admin privileges to users belonging to specific LDAP groups during LDAP sync
> ----------------------------------------------------------------------------------
>
>                 Key: AMBARI-21873
>                 URL: https://issues.apache.org/jira/browse/AMBARI-21873
>             Project: Ambari
>          Issue Type: Improvement
>    Affects Versions: ambari-server
>            Reporter: Laszlo Puskas
>            Assignee: Laszlo Puskas
>         Attachments: AMBARI-21873.trunk.v2.patch
>
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> This feature adds the possibility to handle users belonging to a defined LDAP groups
as ambari administrators during the LDAP sync.
> The list of the groups that need to be considered is stored in the ambari property:
> {code:none}
> authorization.ldap.adminGroupMappingRules
> {code}
> The solution is to grant admin privileges to users belonging to these groups on LDPA
sync.
> Warning:
> - changes in the LDAP group memberships will not be reflected in Ambari after the sync
(eg.: administrator privileges won't be automatically revoked if users are removed from the
groups listed in the property)
> - administrator privileges can be granted/removed by another administrator, thus these
actions can interfere
> - if groups are not synced, this property is not taken into account
>  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message