For authentication, yes. For authorization, Ambari does not map LDAP groups to roles currently. For example, to give an LDAP user the admin privilege on Ambari, it has to be explicitly set via the UI (or API); there's no way to say "all users belonging to LDAP group hadoop-ops should automatically become an Ambari admin", as of Ambari 1.6.1.
However, there's a plan to introduce a more comprehensive authentication / authorization framework with better LDAP integration as part of 1.7.0. Yusaku On Tue, Jul 8, 2014 at 12:17 PM, Aaron Cody <[email protected]> wrote: > hello > Is it correct to assume that if we configure Ambari to use an external LDAP > server, that all web-app/REST call/user authentication/authorization will > then be delegated to LDAP? > > TIA > -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
