[ https://issues.apache.org/jira/browse/AMBARI-24045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hari Sekhon updated AMBARI-24045: --------------------------------- Summary: Ambari schedule LDAP user/group sync to occur periodically instead of requiring manual CLI command with admin creds (was: Ambari schedule LDAP sync to occur periodically instead of requiring manual CLI command with admin creds) > Ambari schedule LDAP user/group sync to occur periodically instead of > requiring manual CLI command with admin creds > ------------------------------------------------------------------------------------------------------------------- > > Key: AMBARI-24045 > URL: https://issues.apache.org/jira/browse/AMBARI-24045 > Project: Ambari > Issue Type: Improvement > Components: ambari-server, security > Affects Versions: 2.6.0 > Environment: HDP 2.6 > Reporter: Hari Sekhon > Priority: Major > > Request to add LDAP user/group sync scheduling to occur automatically > periodically (eg. hourly) rather than requiring a manual external CLI ambari > sync-ldap command which prompts for admin creds which is less safe to > schedule (as it would require embedding admin creds somewhere and in secure > audited environments without the generic 'admin' account this would mean some > admin's personal credentials). > Right now Ambari is a sticking point in environments where everything is AD > integrated as it is the only thing that doesn't pick up the new user in a > group - it waits until one can find somebody with the right admin creds to > grant a new admin access they should automatically inherit to Ambari via > group memberships. -- This message was sent by Atlassian JIRA (v7.6.3#76005)