Robert Levas created AMBARI-18664:
-------------------------------------
Summary: While syncing with LDAP, username collisions should be
handled based on configuration value
Key: AMBARI-18664
URL: https://issues.apache.org/jira/browse/AMBARI-18664
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.0.0
Reporter: Robert Levas
Assignee: Eugene Chekanskiy
Fix For: 2.4.2
While syncing with LDAP, username collisions should be handled based on an LDAP
sync configuration value.
The configuration options should be to indicate the following behaviors
* convert
** convert the existing (non-LDAP user) user to an LDAP user
** This is the existing behavior
* skip
** skip or ignore the collision, leaving the existing user unchanged
** a new user record should not be created
Note: Future behavior may be to cause the sync operation to fail, but that
shouldn't be handed yet.
This configuration value should be set when setting up LDAP sync properties via
{{ambari-server setup-ldap}} and be enforced when processing the sync operation
in methods like
{{org.apache.ambari.server.controller.AmbariManagementControllerImpl#synchronizeLdapUsersAndGroups}}
or {{org.apache.ambari.server.security.authorization.Users#processLdapSync}}.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
