[
https://issues.apache.org/jira/browse/AMBARI-8737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hari Sekhon updated AMBARI-8737:
--------------------------------
Description:
A local accounts allows a matching ldap account login with either the local
password or the ldap password.
Allowing either the local or the ldap password seems a bit buggy to me, surely
ldap should take priority and local password should not be allowed at that
point for that given user.
was:
Ambari LDAP useres currently require local Ambari accounts. However when
creating local accounts it insists on a local password being given - and
testing shows it allows login via either the local password or the ldap
password when they are different.
There should be an option to set the user to be ldap only and store no password.
I can see this should probably have been done via sync-ldap instead... but
allowing either the local or the ldap password seems a bit buggy to me, surely
ldap should take priority and local password should not be allowed at that
point.
> LDAP vs local accounts
> ----------------------
>
> Key: AMBARI-8737
> URL: https://issues.apache.org/jira/browse/AMBARI-8737
> Project: Ambari
> Issue Type: Improvement
> Affects Versions: 1.7.0
> Reporter: Hari Sekhon
> Priority: Minor
>
> A local accounts allows a matching ldap account login with either the local
> password or the ldap password.
> Allowing either the local or the ldap password seems a bit buggy to me,
> surely ldap should take priority and local password should not be allowed at
> that point for that given user.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
