> On Jan. 11, 2016, 2:19 p.m., Robert Levas wrote: > > ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java, > > line 233 > > <https://reviews.apache.org/r/41739/diff/2/?file=1177237#file1177237line233> > > > > This seems to be problematic. I think in the simple case, the default > > realm will work... since there will only be a single realm involved. > > However in more complex cases, there may be multiple realms involved... say > > where Ambari uses an MIT KDC for managed (service) identities and an Active > > Directory for unmanaged (user) identities. In this case, I suspect that > > the default realm will be the realm managed by the MIT KDC. > > > > Given the use-case that generated the issue that lead to this patch, I > > assume that the relevant realm would be the realm managed by the Active > > Directory, not the MIT KDC. > > > > Maybe you need more details on the logged in user to make the > > determination of what their realm is. Else, maybe you need to get the list > > of relevant realms and try each - hoping there isn't a collision. > > Gaurav Nagar wrote: > If the user realm is different from that of ambari then it will not work. > When we talked to selva about the fix, he suggested to take the default > realm as first step. He also suggested to add realm field to user, get it > populated from ldap and use it to get full username.
I am dropping this issue since it had been made clear that this is a temporary solition until a more appropriate solution can be created for a (near) future version of Ambari. The complete solution would be to create a map of remote users to local users (probably in Ambari's user table) and use that mapping as needed, like in the Hive view. - Robert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/41739/#review113819 ----------------------------------------------------------- On Dec. 29, 2015, 4:28 a.m., Gaurav Nagar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/41739/ > ----------------------------------------------------------- > > (Updated Dec. 29, 2015, 4:28 a.m.) > > > Review request for Ambari, DIPAYAN BHOWMICK, Srimanth Gunturi, Sid Wagle, and > Yusaku Sako. > > > Bugs: AMBARI-14503 > https://issues.apache.org/jira/browse/AMBARI-14503 > > > Repository: ambari > > > Description > ------- > > Changed getUsername call to return name with auth_to_local conversion in > ViewContextImpl. > Added getLoggedinUser to return loggedin ambari user. > > > Diffs > ----- > > ambari-server/pom.xml b5a9d49 > > ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java > a22c514 > ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java c0cae80 > contrib/views/files/src/main/resources/view.xml 58a7682 > contrib/views/hive/src/main/resources/view.xml e04ed4b > contrib/views/pig/src/main/resources/view.xml 30efae8 > contrib/views/tez/src/main/resources/view.xml d1ad5ad > > Diff: https://reviews.apache.org/r/41739/diff/ > > > Testing > ------- > > Manual Testing. > > > Thanks, > > Gaurav Nagar > >
