[
https://issues.apache.org/jira/browse/AMBARI-6689?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddharth Wagle updated AMBARI-6689:
------------------------------------
Attachment: AMBARI-6689.patch
> Views : Admin - LDAP Support
> ----------------------------
>
> Key: AMBARI-6689
> URL: https://issues.apache.org/jira/browse/AMBARI-6689
> Project: Ambari
> Issue Type: Task
> Components: controller
> Affects Versions: 1.7.0
> Reporter: Siddharth Wagle
> Assignee: Siddharth Wagle
> Fix For: 1.7.0
>
> Attachments: AMBARI-6689.patch
>
>
> The existing LDAP integration should be fully supported as well as some new
> requirements.
> USERS
> It should be possible to sync users from an external LDAP.
> Sync LDAP users into Ambari DB (local) users. TBD, how to limit what LDAP
> users get imported?
> Sync username, flag as ldap=true
> Do NOT sync any password information (no LDAP user password info should
> be stored in Ambari DB)
> If the user is ldap=true, perform auth against external LDAP (as we do
> together). Otherwise, for a local user, perform auth against local user
> password
> If local user, ability to set/change user password ( by the user and by
> "ambari admin"s)
> Add a property to users (whether local or ldap=true) that active=true.
> This would give the ambari admin an ability to keep a user in the ambari
> system but disable their login. This is very useful when you want to lock out
> a user w/o having to delete the user or remove all their perms.
> Regardless of whether a user is local or LDAP, the user privilege mappings
> are handled in Ambari and stored in the Ambari DB.
> GROUPS
> It should be possible to sync groups and group membership from an external
> LDAP.
> Sync LDAP groups into Ambari DB (local) groups. TBD, how to limit what
> groups get imported?
> Sync the name and user membership
> Support local groups and ldap=true groups
> A group (local or ldap) can contain both local or ldap users.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
