ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yusaku Sako <>
Subject Re: quick ambari security question
Date Tue, 08 Jul 2014 19:35:46 GMT
For authentication, yes.
For authorization, Ambari does not map LDAP groups to roles currently.
For example, to give an LDAP user the admin privilege on Ambari, it
has to be explicitly set via the UI (or API); there's no way to say
"all users belonging to LDAP group hadoop-ops should automatically
become an Ambari admin", as of Ambari 1.6.1.

However, there's a plan to introduce a more comprehensive
authentication / authorization framework with better LDAP integration
as part of 1.7.0.


On Tue, Jul 8, 2014 at 12:17 PM, Aaron Cody <> wrote:
> hello
> Is it correct to assume that if we configure Ambari to use an external LDAP
> server, that all web-app/REST call/user authentication/authorization will
> then be delegated to LDAP?

NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

View raw message