[
https://issues.apache.org/jira/browse/AMBARI-25062?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-25062:
----------------------------------
Status: Patch Available (was: Open)
> Optionally execute the post user creation hook on existing users during LDAP
> sync
> ---------------------------------------------------------------------------------
>
> Key: AMBARI-25062
> URL: https://issues.apache.org/jira/browse/AMBARI-25062
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.8.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.8.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Optionally execute the post user creation hook on existing users during LDAP
> sync.
> The post user creation hook is executed on users when created or imported
> into Ambari. This hook is executed given the following criteria is met:
> # The post user creation hook is enabled (ambari.properties -
> {{ambari.post.user.creation.hook.enabled = true}}, default: {{false}})
> # The post user creation hook is set and available (ambari.properties -
> {{ambari.post.user.creation.hook = <path to script>}}, default:
> {{/var/lib/ambari-server/resources/scripts/post-user-creation-hook.sh}})
> # HDFS is installed and running.
> It is possible to have executed the LDAP sync process before all of the
> criteria has been met. Therefore, it would be beneficial to trigger the post
> user creation hook to be executed on these users when the criteria has been
> met.
> To do this, an optional property should be set on the LDAP sync request -
> {{post_process_existing_users}}. The {{post_process_existing_users}}
> property is part of a "spec" object and should be set to either "true" or
> "false", if set at all. If set to "true", the post user creation hook will
> be executed on all user's that come back from the LDAP query that also exist
> in the Ambari database as LDAP users.
> Example REST API calls:
> {noformat:title=Sync All Users and Groups}
> POST /api/v1/ldap_sync_events
> [
> {
> "Event": {
> "specs": [
> {
> "principal_type": "users",
> "sync_type": "all",
> "post_process_existing_users" : "true"
> },
> {
> "principal_type": "groups",
> "sync_type": "all",
> "post_process_existing_users" : "true"
> }
> ]
> }
> }
> ]
> {noformat}
> {noformat:title=Sync Specific Users}
> POST /api/v1/ldap_sync_events
> [
> {
> "Event": {
> "specs": [
> {
> "principal_type": "users",
> "sync_type": "specific",
> "names" : "user1, user2, user3",
> "post_process_existing_users" : "true"
> }
> ]
> }
> }
> ]
> {noformat}
> {noformat:title=Sync Specific Groups}
> POST /api/v1/ldap_sync_events
> [
> {
> "Event": {
> "specs": [
> {
> "principal_type": "groups",
> "sync_type": "specific",
> "names" : "hadoop_users, hadoop_admins",
> "post_process_existing_users" : "true"
> }
> ]
> }
> }
> ]
> {noformat}
> Using the Ambari sync-ldap CLI, an optional argument named
> "--post-process-existing-users" may be added to enable this feature.
> Example CLI calls:
> {noformat:title=Sync All Users and Groups}
> ambari-server sync-ldap --all --post-process-existing-users
> {noformat}
> {noformat:title=Sync Specific Users}
> ambari-server sync-ldap --users users.txt --post-process-existing-users
> {noformat}
> {noformat:title=Sync Specific Groups}
> ambari-server sync-ldap --groups groups.txt --post-process-existing-users
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
