Laszlo Puskas created AMBARI-21873:
--------------------------------------
Summary: Grant admin privileges to users belonging to specific
LDAP groups during LDAP sync
Key: AMBARI-21873
URL: https://issues.apache.org/jira/browse/AMBARI-21873
Project: Ambari
Issue Type: Improvement
Affects Versions: ambari-server
Reporter: Laszlo Puskas
Assignee: Laszlo Puskas
This feature adds the possibility to handle users belonging to a defined LDAP
groups as ambari administrators during the LDAP sync.
The list of the groups that need to be considered is stored in the ambari
property:
{code:none}
authorization.ldap.adminGroupMappingRules
{code}
The solution is to grant admin privileges to users belonging to these groups on
LDPA sync.
Warning:
- changes in the LDAP group memberships will not be reflected in Ambari after
the sync (eg.: administrator privileges won't be automatically revoked if users
are removed from the groups listed in the property)
- administrator privileges can be granted/removed by another administrator,
thus these actions can interfere
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
