[
https://issues.apache.org/jira/browse/AMBARI-22667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16296952#comment-16296952
]
Robert Levas edited comment on AMBARI-22667 at 12/19/17 3:24 PM:
-----------------------------------------------------------------
[~smolnar]
{quote}
I'm going to extend
org.apache.ambari.server.ldap.domain.AmbariLdapConfigurationKeys with the
following fields:
defaultValue
obsoletePropertyName (to keep track of the property name we had before in
ambari.proerties)
description
{quote}
This is a great point. Maybe
org.apache.ambari.server.configuration.Configuration.ConfigurationProperty
should be bubbled up and used as values for the LDAP configuration keys. This
would also require the relevant utility methods from
org.apache.ambari.server.configuration.Configuration to be bubbled up to some
Configuration helper-like class. What do you think about that?
My guess is that eventually there will be other property sets moved into the
Ambari DB as well, so this may be a good approach for the long run.
As for {{obsoletePropertyName}}, I do not think we need to keep track of this.
What use would it have?
was (Author: rlevas):
[~smolnar]
{quote}
I'm going to extend
org.apache.ambari.server.ldap.domain.AmbariLdapConfigurationKeys with the
following fields:
defaultValue
obsoletePropertyName (to keep track of the property name we had before in
ambari.proerties)
description
{quote}
This is a great point. Maybe
org.apache.ambari.server.configuration.Configuration.ConfigurationProperty
should be bubbled up and used as values for the LDAP configuration keys. This
would also require the relevant utility methods from
org.apache.ambari.server.configuration.Configuration to be bubbled up to some
Configuration helper-like class. What do you think about that?
My guess is that eventually there will be other property sets moved into the
Ambari DB as well, so this may be a good approach for the long run.
> Use internal LDAP configuration values rather than ambari.properties values
> when accessing the configured LDAP server
> ---------------------------------------------------------------------------------------------------------------------
>
> Key: AMBARI-22667
> URL: https://issues.apache.org/jira/browse/AMBARI-22667
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
> Affects Versions: 3.0.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Labels: ldap
> Fix For: 3.0.0
>
>
> Use internal LDAP configuration values rather than ambari.properties values
> when accessing the configured LDAP server for LDAP sync and authentication.
> * Deprecate {{setup-ldap}} from the {{ambari-server}} script.
> ** Rather then perform any operations, alert user to configure LDAP
> integration from the Ambari UI
> * Lookup LDAP-specific properties from the Ambari configuration data under
> the "ldap-configuration" category.
> * Remove relevant properties from
> {{org.apache.ambari.server.configuration.Configuration}}
> ** ambari.ldap.isConfigured
> ** authentication.ldap.useSSL
> ** authentication.ldap.primaryUrl
> ** authentication.ldap.secondaryUrl
> ** authentication.ldap.baseDn
> ** authentication.ldap.bindAnonymously
> ** authentication.ldap.managerDn
> ** authentication.ldap.managerPassword
> ** authentication.ldap.dnAttribute
> ** authentication.ldap.usernameAttribute
> ** authentication.ldap.username.forceLowercase
> ** authentication.ldap.userBase
> ** authentication.ldap.userObjectClass
> ** authentication.ldap.groupBase
> ** authentication.ldap.groupObjectClass
> ** authentication.ldap.groupNamingAttr
> ** authentication.ldap.groupMembershipAttr
> ** authorization.ldap.adminGroupMappingRules
> ** authentication.ldap.userSearchFilter
> ** authentication.ldap.alternateUserSearchEnabled
> ** authentication.ldap.alternateUserSearchFilter
> ** authorization.ldap.groupSearchFilter
> ** authentication.ldap.referral
> ** authentication.ldap.pagination.enabled
> ** authentication.ldap.sync.userMemberReplacePattern
> ** authentication.ldap.sync.groupMemberReplacePattern
> ** authentication.ldap.sync.userMemberFilter
> ** authentication.ldap.sync.groupMemberFilter
> ** ldap.sync.username.collision.behavior
>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
