Hari Sekhon created AMBARI-24045:
------------------------------------
Summary: Ambari schedule LDAP sync to occur periodically instead
of requiring manual CLI command with admin creds
Key: AMBARI-24045
URL: https://issues.apache.org/jira/browse/AMBARI-24045
Project: Ambari
Issue Type: Improvement
Components: ambari-server, security
Affects Versions: 2.6.0
Environment: HDP 2.6
Reporter: Hari Sekhon
Request to add LDAP user/group sync scheduling to occur automatically
periodically (eg. hourly) rather than requiring a manual external CLI ambari
sync-ldap command which prompts for admin creds which is less safe to schedule
(as it would require embedding admin creds somewhere and in secure audited
environments without the generic 'admin' account this would mean some admin's
personal credentials).
Right now Ambari is a sticking point in environments where everything is AD
integrated as it is the only thing that doesn't pick up the new user in a group
- it waits until one can find somebody with the right admin creds to grant a
new admin access they should automatically inherit to Ambari via groupĀ
memberships.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
