Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.5.0
-
None
Description
This feature adds the possibility to handle users belonging to a defined LDAP groups as ambari administrators during the LDAP sync.
The list of the groups that need to be considered is stored in the ambari property:
authorization.ldap.adminGroupMappingRules
The solution is to grant admin privileges to users belonging to these groups on LDPA sync.
Warning:
- changes in the LDAP group memberships will not be reflected in Ambari after the sync (eg.: administrator privileges won't be automatically revoked if users are removed from the groups listed in the property)
- administrator privileges can be granted/removed by another administrator, thus these actions can interfere
- if groups are not synced, this property is not taken into account
Attachments
Attachments
Issue Links
- is related to
-
AMBARI-20731 Automatic mapping of external users to Administrator does not work
-
- Resolved
-
- links to
