[AMBARI-18664] While syncing with LDAP, username collisions should be handled based on configuration value - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.5.0
Component/s: ambari-server
Labels:
None

Description

While syncing with LDAP, username collisions should be handled based on an LDAP sync configuration value.

The configuration options should be to indicate the following behaviors

convert
- convert the existing (non-LDAP user) user to an LDAP user
- This is the existing behavior
skip
- skip or ignore the collision, leaving the existing user unchanged
- a new user record should not be created

Note: Future behavior may be to cause the sync operation to fail, but that shouldn't be handed yet.

This configuration value should be set when setting up LDAP sync properties via ambari-server setup-ldap and be enforced when processing the sync operation in methods like org.apache.ambari.server.controller.AmbariManagementControllerImpl#synchronizeLdapUsersAndGroups or org.apache.ambari.server.security.authorization.Users#processLdapSync.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-18664_branch-2.5_01.patch
21/Oct/16 20:50
22 kB
Robert Levas
AMBARI-18664_branch-2.5_02.patch
24/Oct/16 16:33
21 kB
Robert Levas
AMBARI-18664_branch-2.5_03.patch
25/Oct/16 14:45
43 kB
Robert Levas

Issue Links

links to

ReviewBoard

Activity

People

Assignee:: Robert Levas

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/Oct/16 18:59

Updated:: 25/Oct/16 17:29

Resolved:: 25/Oct/16 16:38