[
https://issues.apache.org/jira/browse/AMBARI-24045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hari Sekhon updated AMBARI-24045:
---------------------------------
Summary: Ambari schedule LDAP user/group sync to occur periodically instead
of requiring manual CLI command with admin creds (was: Ambari schedule LDAP
sync to occur periodically instead of requiring manual CLI command with admin
creds)
> Ambari schedule LDAP user/group sync to occur periodically instead of
> requiring manual CLI command with admin creds
> -------------------------------------------------------------------------------------------------------------------
>
> Key: AMBARI-24045
> URL: https://issues.apache.org/jira/browse/AMBARI-24045
> Project: Ambari
> Issue Type: Improvement
> Components: ambari-server, security
> Affects Versions: 2.6.0
> Environment: HDP 2.6
> Reporter: Hari Sekhon
> Priority: Major
>
> Request to add LDAP user/group sync scheduling to occur automatically
> periodically (eg. hourly) rather than requiring a manual external CLI ambari
> sync-ldap command which prompts for admin creds which is less safe to
> schedule (as it would require embedding admin creds somewhere and in secure
> audited environments without the generic 'admin' account this would mean some
> admin's personal credentials).
> Right now Ambari is a sticking point in environments where everything is AD
> integrated as it is the only thing that doesn't pick up the new user in a
> group - it waits until one can find somebody with the right admin creds to
> grant a new admin access they should automatically inherit to Ambari via
> group memberships.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
