[ https://issues.apache.org/jira/browse/AMBARI-13767?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15004346#comment-15004346 ]
Hadoop QA commented on AMBARI-13767: ------------------------------------ {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12772183/AMBARI-13767_v4.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 1 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:red}-1 core tests{color}. The patch failed these unit tests in ambari-server: org.apache.ambari.server.orm.dao.AlertDefinitionDAOTest org.apache.ambari.server.controller.BackgroundCustomCommandExecutionTest org.apache.ambari.server.controller.AmbariCustomCommandExecutionHelperTest org.apache.ambari.server.functionaltests.server.StartStopServerTest org.apache.ambari.server.controller.AmbariManagementControllerTest org.apache.ambari.server.orm.dao.AlertDispatchDAOTest Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/4283//testReport/ Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/4283//console This message is automatically generated. > LDAP - Group Membership not pulled in with FreeIPA/RHELIDM > ---------------------------------------------------------- > > Key: AMBARI-13767 > URL: https://issues.apache.org/jira/browse/AMBARI-13767 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.1.2 > Environment: All OS > Reporter: Olivér Szabó > Assignee: Olivér Szabó > Priority: Critical > Fix For: 2.1.3 > > Attachments: AMBARI-13767_v4.patch > > > When troubleshooting why the group members are not being sync'd with FreeIPA, > a packet trace helped identify the issue. With ActiveDirectory the user's DN > is exposed as an attribute: "distinguishedName", this is not the case > inFreeIPA/RHEL IDM (using 389 DS for the directory server implementation). > The DN is not an attribute on the user, and cannot be used in a filter like > this: > {noformat} > (&(objectClass=posixaccount)(|(dn=uid=dstreev,cn=users,cn=accounts,dc=hdp,dc=local)(uid=uid=dstreev,cn=users,cn=accounts,dc=hdp,dc=local))) > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)