[
https://issues.apache.org/jira/browse/AMBARI-18860?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vitaly Brodetskyi updated AMBARI-18860:
---------------------------------------
Status: Patch Available (was: Open)
> LDAPS must be used to communicate with an Active Directory when Kerberos is
> being enabled (BE)
> ----------------------------------------------------------------------------------------------
>
> Key: AMBARI-18860
> URL: https://issues.apache.org/jira/browse/AMBARI-18860
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Vitaly Brodetskyi
> Assignee: Vitaly Brodetskyi
> Fix For: 2.5.0
>
> Attachments: AMBARI-18860.patch
>
>
> LDAPS must be used to communicate with an Active Directory when Kerberos is
> being enabled.
> This should be verified on input by the backend to ensure that the proper
> channel is open between Ambari and the Active Directory so Ambari can set and
> update passwords when managing accounts in the Active Directory.
> The LDAP URL, kerberos-env/ldap_url field must have the protocol set to ldaps
> rather than ldap (or anything else). Ideally the port is set correctly, be we
> cannot validate that since the LDAPS port can be changed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
