Aleksandr Kovalenko created AMBARI-17787:
--------------------------------------------
Summary: LDAPS must be used to communicate with an Active
Directory when Kerberos is being enabled (FE)
Key: AMBARI-17787
URL: https://issues.apache.org/jira/browse/AMBARI-17787
Project: Ambari
Issue Type: Bug
Components: ambari-web
Affects Versions: 2.0.0
Reporter: Aleksandr Kovalenko
Assignee: Aleksandr Kovalenko
Priority: Critical
Fix For: trunk
LDAPS must be used to communicate with an Active Directory when Kerberos is
being enabled.
This should be verified on input by the frontend to ensure that the proper
channel is open between Ambari and the Active Directory so Ambari can set and
update passwords when managing accounts in the Active Directory.
The LDAP URL, {{kerberos-env/ldap_url}} field must have the protocol set to
{{ldaps}} rather than {{ldap}} (or anything else). Ideally the port is set
correctly, be we cannot validate that since the LDAPS port can be changed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
