Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-13767

LDAP - Group Membership not pulled in with FreeIPA/RHELIDM

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 2.1.2
    • 2.2.0
    • ambari-server
    • None

    • All OS

    Description

      When troubleshooting why the group members are not being sync'd with FreeIPA, a packet trace helped identify the issue. With ActiveDirectory the user's DN is exposed as an attribute: "distinguishedName", this is not the case inFreeIPA/RHEL IDM (using 389 DS for the directory server implementation). The DN is not an attribute on the user, and cannot be used in a filter like this:

      (&(objectClass=posixaccount)(|(dn=uid=dstreev,cn=users,cn=accounts,dc=hdp,dc=local)(uid=uid=dstreev,cn=users,cn=accounts,dc=hdp,dc=local)))

      Attachments

        1. AMBARI-13767_v4.patch
          24 kB
          Oliver Szabo

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. AMBARI-14386 sync-ldap does not pull in group-member associations

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link Review board

          Activity

            People

              oleewere Oliver Szabo
              oleewere Oliver Szabo
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: