[ https://issues.apache.org/jira/browse/AMBARI-13767?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Olivér Szabó updated AMBARI-13767:
----------------------------------
    Attachment:     (was: AMBARI-13767.patch)

> LDAP - Group Membership not pulled in with FreeIPA/RHELIDM
> ----------------------------------------------------------
>
>                 Key: AMBARI-13767
>                 URL: https://issues.apache.org/jira/browse/AMBARI-13767
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.1.2
>         Environment: All OS
>            Reporter: Olivér Szabó
>            Assignee: Olivér Szabó
>            Priority: Critical
>             Fix For: 2.1.3
>
>         Attachments: AMBARI-13767_v2.patch
>
>
> When troubleshooting why the group members are not being sync'd with FreeIPA,
> a packet trace helped identify the issue. With ActiveDirectory the user's DN
> is exposed as an attribute: "distinguishedName"; this is not the case
> in FreeIPA/RHEL IDM (using 389 DS for the directory server implementation).
> The DN is not an attribute on the user, and cannot be used in a filter like
> this:
> {noformat}
> (&(objectClass=posixaccount)(|(dn=uid=dstreev,cn=users,cn=accounts,dc=hdp,dc=local)(uid=uid=dstreev,cn=users,cn=accounts,dc=hdp,dc=local)))
> {noformat}

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
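The description above says the DN is not a searchable attribute in 389 DS. The following is an added example, not Ambari's code and not the attached patch, of one way to resolve a group member value without a `dn=` filter: read a DN-shaped value with a base-scope search, and otherwise search on the login attribute with the value escaped. The function names, the returned dictionary and the two-RDN heuristic are assumptions made for illustration.

```python
import re

# One RDN: attribute type, '=', then a value that may contain escaped characters.
_RDN = r"[A-Za-z][A-Za-z0-9-]*\s*=(?:[^,\\]|\\.)+"
# Heuristic (assumption): two or more RDNs means the value is a DN.
_DN_RE = re.compile(r"^%s(?:\s*,\s*%s)+$" % (_RDN, _RDN))


def looks_like_dn(value):
    """Heuristic DN test; production code should use a real DN parser."""
    return bool(_DN_RE.match(value.strip()))


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a value cannot alter the filter."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def member_lookup(member, user_base, object_class="posixaccount", name_attr="uid"):
    """Return hypothetical search parameters for resolving one group member value."""
    if looks_like_dn(member):
        # The DN names the entry; it is not stored as an attribute on it,
        # so read the entry itself with a base-scope search.
        return {"base": member.strip(), "scope": "base",
                "filter": "(objectClass=%s)" % object_class}
    # Otherwise treat the value as a login name and search under the user base.
    return {"base": user_base, "scope": "subtree",
            "filter": "(&(objectClass=%s)(%s=%s))"
                      % (object_class, name_attr, escape_filter_value(member))}


if __name__ == "__main__":
    base = "cn=accounts,dc=hdp,dc=local"
    # Constructed sample member values; the first is the DN quoted in the issue.
    for m in ("uid=dstreev,cn=users,cn=accounts,dc=hdp,dc=local", "dstreev", "a*)(uid=*"):
        print(m, "->", member_lookup(m, base))
```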