Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-18664

While syncing with LDAP, username collisions should be handled based on configuration value

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.0.0
    • 2.5.0
    • ambari-server
    • None

    Description

      While syncing with LDAP, username collisions should be handled based on an LDAP sync configuration value.

      The configuration options should be to indicate the following behaviors

      • convert
        • convert the existing (non-LDAP user) user to an LDAP user
        • This is the existing behavior
      • skip
        • skip or ignore the collision, leaving the existing user unchanged
        • a new user record should not be created

      Note: Future behavior may be to cause the sync operation to fail, but that shouldn't be handed yet.

      This configuration value should be set when setting up LDAP sync properties via ambari-server setup-ldap and be enforced when processing the sync operation in methods like org.apache.ambari.server.controller.AmbariManagementControllerImpl#synchronizeLdapUsersAndGroups or org.apache.ambari.server.security.authorization.Users#processLdapSync.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            rlevas Robert Levas
            rlevas Robert Levas
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment