[
https://issues.apache.org/jira/browse/AMBARI-24781?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16651389#comment-16651389
]
Krisztian Kasa commented on AMBARI-24781:
-----------------------------------------
* The storing settings in database issue was solved in AMBARI-24516
* Change the default value of "Group member attribute" for IPA to "member"
* Add --ldap-type option to choose the default values for missing options in
cli mode
* The newly added option for "--ldap-sync-disable-endpoint-identification"
should be defaulted to "true" to avoid issues with newer jdks.
> Ambari setup-ldap: change group member default for IPA
> ------------------------------------------------------
>
> Key: AMBARI-24781
> URL: https://issues.apache.org/jira/browse/AMBARI-24781
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.7.1
> Reporter: Kat Petre
> Assignee: Krisztian Kasa
> Priority: Major
> Fix For: 2.7.3
>
>
> The new cli options we introduced in Ambari 2.7.1 seem to be causing some
> problems. Here's a few observations from the past couple of days putting
> together the Ambari 2.7.1 - IPA security labs.
> - Even after encrypting passwords and persisting thekey, the ambari-server
> setup-ldap cli doesn't seem to store the previous settings in the database.
> - The ldap-type option seemed to cause a lot of grief and confusion for the
> cli users. Could we please document its behavior in the cli help menu (and
> let's add it to the docs, after we get clarity)?
> - The default options for IPA integration aren't quite working. Please see
> the IPA lab for the values we have to override to get a working group
> resolution (*User object class* and *Group member attribute*)
> [https://github.com/HortonworksUniversity/Security_Labs/blob/master/HDP-3.0-IPA.md#4-enable-ldap-for-ambari]
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
