Siddharth Wagle created AMBARI-6689:
---------------------------------------
Summary: Views : Admin - LDAP Support
Key: AMBARI-6689
URL: https://issues.apache.org/jira/browse/AMBARI-6689
Project: Ambari
Issue Type: Task
Components: controller
Affects Versions: 1.7.0
Reporter: Siddharth Wagle
Assignee: Siddharth Wagle
Fix For: 1.7.0
The existing LDAP integration should be fully supported as well as some new requirements.

USERS

It should be possible to sync users from an external LDAP.
Sync LDAP users into Ambari DB (local) users. TBD, how to limit what LDAP users get imported?
Sync username, flag as ldap=true
Do NOT sync any password information (no LDAP user password info should be stored in Ambari DB)
If the user is ldap=true, perform auth against external LDAP (as we do together). Otherwise, for a local user, perform auth against local user password.
If local user, ability to set/change user password (by the user and by "ambari admin"s)
Add a property to users (whether local or ldap=true) that active=true. This would give the ambari admin an ability to keep a user in the ambari system but disable their login. This is very useful when you want to lock out a user w/o having to delete the user or remove all their perms.
Regardless of whether a user is local or LDAP, the user privilege mappings are handled in Ambari and stored in the Ambari DB.

GROUPS

It should be possible to sync groups and group membership from an external LDAP.
Sync LDAP groups into Ambari DB (local) groups. TBD, how to limit what groups get imported?
Sync the name and user membership
Support local groups and ldap=true groups
A group (local or ldap) can contain both local and ldap users.
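The USERS requirements above, modelled as an added example (not code from the Ambari project or from the issue reporter): the sync copies only the username and sets ldap=true, and login checks active before choosing the external-LDAP or local-password path. The names `User`, `sync_ldap_users`, `authenticate`, the `ldap_bind` callback and the `uid` attribute are assumptions, as are two rules the issue does not state: a sync never overwrites an existing local account, and a re-sync keeps the admin's active flag.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

@dataclass
class User:
    name: str
    ldap: bool = False
    active: bool = True
    salt: bytes = b""
    pw_hash: bytes = b""  # stays empty for ldap=true users

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_local_user(db, name, password):
    salt = os.urandom(16)
    db[name] = User(name, salt=salt, pw_hash=_hash(password, salt))

def sync_ldap_users(db, ldap_entries):
    """Import usernames only; every other attribute of an entry is ignored."""
    imported = []
    for entry in ldap_entries:
        name = entry["uid"]  # assumed username attribute
        if name in db and not db[name].ldap:
            continue  # assumption: never overwrite an existing local account
        # assumption: a re-sync must not undo an admin's lockout
        active = db[name].active if name in db else True
        db[name] = User(name, ldap=True, active=active)
        imported.append(name)
    return imported

def authenticate(db, name, password, ldap_bind):
    user = db.get(name)
    if user is None or not user.active:
        return False  # the active flag gates both auth paths
    if user.ldap:
        # An empty password can turn a simple bind into an anonymous bind
        # that the directory accepts, so reject it before binding.
        return bool(password) and ldap_bind(name, password)
    return hmac.compare_digest(user.pw_hash, _hash(password, user.salt))

# Constructed stand-in for the external directory, used only for the demo.
FAKE_DIRECTORY = {"alice": "dir-secret"}

def fake_bind(name, password):
    return FAKE_DIRECTORY.get(name) == password
```
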