Attila Kanto created AMBARI-20731:
-------------------------------------

             Summary: Automatic mapping of external users to Administrator does not work
                 Key: AMBARI-20731
                 URL: https://issues.apache.org/jira/browse/AMBARI-20731
             Project: Ambari
          Issue Type: Bug
    Affects Versions: 2.5.0
            Reporter: Attila Kanto


I have connected Ambari to external LDAP and synchronised users from there with 
the following commands: 

{code}
ambari-server setup-ldap \
--ldap-url="10.0.3.138:389" \
--ldap-secondary-url="10.0.1.54:389" \
--ldap-ssl="false" \
--ldap-user-class="person" \
--ldap-user-attr="CN" \
--ldap-group-class="group" \
--ldap-group-attr="cn" \
--ldap-member-attr="member" \
--ldap-dn="distinguishName" \
--ldap-base-dn="DC=ad,DC=hwx,DC=com" \
--ldap-referral="follow" \
--ldap-bind-anonym=false \
--ldap-manager-dn="CN=Administrator,CN=Users,DC=ad,DC=hwx,DC=com" \
--ldap-manager-password='*****!' \
--ldap-save-settings

ambari-server sync-ldap --all
{code}

I have also configured the admin group mapping, to sync users that are in a 
certain LDAP group as Administrators. The property that I have set up is 
described here: 
https://github.com/apache/ambari/blob/trunk/ambari-server/docs/configuration/index.md
 
|authorization.ldap.adminGroupMappingRules|A comma-separate list of groups 
which would give a user administrative access to Ambari when syncing from LDAP. 
This is only used when authorization.ldap.groupSearchFilter is blank.
The following are examples of valid values:
administrators
Hadoop Admins,Hadoop Admins.*,DC Admins,.*Hadoop Operators|

Unfortunately the authorization.ldap.adminGroupMappingRule configuration does 
not work and the users are not synchronized as Administrators into Ambari.




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
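
A pre-sync check for the admin group mapping described in the report above, as an added example that is not part of the original message and not Ambari's own code. It checks the two property names from the quoted documentation row and lists which group names the rules would map to Administrator. It assumes each rule is a regular expression that must match the whole group name; the function names and all sample values are constructed for illustration.

```python
import re

RULES_KEY = "authorization.ldap.adminGroupMappingRules"
FILTER_KEY = "authorization.ldap.groupSearchFilter"

def parse_properties(text):
    """Parse simple key=value lines (no continuation lines) into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_admin_mapping(props, group_names):
    """Return (findings, admin_groups) for the admin group mapping settings."""
    findings = []
    # Flag keys that are close to, but not exactly, the documented name.
    for key in props:
        if key != RULES_KEY and key.lower().startswith(RULES_KEY.lower()[:-1]):
            findings.append(f"unrecognized key {key!r}; expected {RULES_KEY!r}")
    rules = [r.strip() for r in props.get(RULES_KEY, "").split(",") if r.strip()]
    if not rules:
        findings.append(f"{RULES_KEY} is not set")
    # Per the documentation row quoted in the report, the rules are only
    # used when the group search filter is blank.
    if props.get(FILTER_KEY, ""):
        findings.append(f"{FILTER_KEY} is set, so the mapping rules are not used")
        return findings, {}
    # ASSUMPTION: each rule is a regex that must match the whole group name.
    admin_groups = {}
    for group in group_names:
        hits = [r for r in rules if re.fullmatch(r, group)]
        if hits:
            admin_groups[group] = hits
    return findings, admin_groups

# Constructed sample input, not taken from the reporter's system.
SAMPLE_PROPERTIES = """\
authorization.ldap.groupSearchFilter=
authorization.ldap.adminGroupMappingRules=Hadoop Admins,Hadoop Admins.*,DC Admins,.*Hadoop Operators
"""
SAMPLE_GROUPS = ["Hadoop Admins", "Hadoop Admins EU", "Contractor Hadoop Operators", "Analysts"]

if __name__ == "__main__":
    print(check_admin_mapping(parse_properties(SAMPLE_PROPERTIES), SAMPLE_GROUPS))
```

Under the stated assumption, a wildcard rule such as `.*Hadoop Operators` also grants Administrator to any group whose name merely ends in that string, so the returned mapping is worth reviewing against least privilege before running a sync.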
