[
https://issues.apache.org/jira/browse/AMBARI-9170?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-9170:
---------------------------------
Attachment: AMBARI-9170_01.patch
* Added Velocity template engine to process templates in order to allow for
customizable attributes to generate Active Directory accounts
* Passing {{kerberos-env}} into {{KerberosOperationHandler}} instances
* Updated unit tests.
Patch File [^AMBARI-9170_01.patch]
> Principal creation for Active Directory accounts should be configurable
> -----------------------------------------------------------------------
>
> Key: AMBARI-9170
> URL: https://issues.apache.org/jira/browse/AMBARI-9170
> Project: Ambari
> Issue Type: Improvement
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Labels: active_directory, kerberos
> Fix For: 2.0.0
>
> Attachments: AMBARI-9170_01.patch
>
>
> The properties used to create accounts in an Active Directory, related to
> principal creation, should be configurable such that a user may specify the
> required fields and their values (with variable replacement).
> This may be done using a simple structure like XML or JSON, however a
> template facility (like Jinja2) may be more useful since conditional paths
> may be built in. The template should be stored in the {{kerberos-env}}
> configuration.
> An example of a need for a conditional path in a template is related to
> _service_ accounts vs _user_ accounts. A _service_ account (such as
> nn/\_HOST@REALM) should have the {{servicePrincipalName}} field set to the
> service's principal, where this value shouldn't be set for a _user_ account
> (such as hdfs@REALM).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
