Ambari / AMBARI-25018

setup-ldap cannot be executed non-interactively when using SSL without custom TrustStore

    Description

      We should provide a way for our end users to execute ambari-server setup-ldap in a non-interactive way (i.e. all answers are provided by command line options).

      This is not the case when we would like to set up a secure LDAP (SSL is set to true) but we do not want to use a custom trust store. In this case the following question(s) are asked:
      1. Do you want to provide custom TrustStore for Ambari?
      2. Optionally: if a custom trust store was set previously, the tool displays the earlier configuration and asks the following: Do you want to remove these properties?

      Sample run:

      [root@c7401 ~]# ambari-server setup-ldap --ambari-admin-username=admin --ambari-admin-password=admin --ldap-url=ad-nano.qe.hortonworks.com:636 --ldap-secondary-url=: --ldap-user-class=user --ldap-user-attr=sAMAccountName --ldap-group-class=group --ldap-group-attr=cn --ldap-member-attr=member --ldap-dn=distinguishedName --ldap-base-dn=CN=Users,DC=hwqe,DC=hortonworks,DC=com --ldap-bind-anonym=false --ldap-manager-dn=cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com --ldap-manager-password=TestUser123 --ldap-referral=follow --ldap-sync-username-collisions-behavior=skip --ldap-force-lowercase-usernames=false --ldap-pagination-enabled=false --ldap-ssl=true --ldap-sync-disable-endpoint-identification=true --ldap-force-setup --ldap-save-settings --ldap-enabled-ambari=true --ldap-manage-services=true --ldap-enabled-services=* --ldap-user-group-member-attr=myMemberOf
      Using python  /usr/bin/python
      
      Fetching LDAP configuration from DB.
      Primary LDAP Host (ad-nano.qe.hortonworks.com): 
      Primary LDAP Port (636): 
      Secondary LDAP Host <Optional>: 
      Secondary LDAP Port <Optional>: 
      Use SSL [true/false] (true): 
      Disable endpoint identification during SSL handshake [true/false] (true): 
      Do you want to provide custom TrustStore for Ambari [y/n] (y)?n
      The TrustStore is already configured: 
        ssl.trustStore.type = jks
        ssl.trustStore.path = /tmp/ambari-server-truststore
        ssl.trustStore.password = keystore
      Do you want to remove these properties [y/n] (y)? y
      User object class (user): 
      User ID attribute (sAMAccountName): 
      User group member attribute (myMemberOf): 
      Group object class (group): 
      Group name attribute (cn): 
      Group member attribute (member): 
      Distinguished name attribute (distinguishedName): 
      Search Base (CN=Users,DC=hwqe,DC=hortonworks,DC=com): 
      Referral method [follow/ignore] (follow): 
      Bind anonymously [true/false] (false): 
      Bind DN (cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com): 
      Enter Bind DN Password: 
      Confirm Bind DN Password: 
      Handling behavior for username collisions [convert/skip] for LDAP sync (skip): 
      Force lower-case user names [true/false] (false):
      Results from LDAP are paginated when requested [true/false] (false):
      ====================
      Review Settings
      ====================
      Primary LDAP Host (ad-nano.qe.hortonworks.com):  ad-nano.qe.hortonworks.com
      Primary LDAP Port (636):  636
      Use SSL [true/false] (true):  true
      User object class (user):  user
      User ID attribute (sAMAccountName):  sAMAccountName
      User group member attribute (myMemberOf):  myMemberOf
      Group object class (group):  group
      Group name attribute (cn):  cn
      Group member attribute (member):  member
      Distinguished name attribute (distinguishedName):  distinguishedName
      Search Base (CN=Users,DC=hwqe,DC=hortonworks,DC=com):  CN=Users,DC=hwqe,DC=hortonworks,DC=com
      Referral method [follow/ignore] (follow):  follow
      Bind anonymously [true/false] (false):  false
      Handling behavior for username collisions [convert/skip] for LDAP sync (skip):  skip
      Force lower-case user names [true/false] (false): false
      Results from LDAP are paginated when requested [true/false] (false): false
      ambari.ldap.connectivity.bind_dn: cn=manager,cn=Users,dc=hwqe,dc=hortonworks,dc=com
      ambari.ldap.connectivity.bind_password: *****
      ambari.ldap.advanced.disable_endpoint_identification: true
      ambari.ldap.manage_services: true
      ambari.ldap.enabled_services: *
      Saving LDAP properties...
      Saving LDAP properties finished
      Ambari Server 'setup-ldap' completed successfully.
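
For automation that depends on this behaviour, a guard can run the command with stdin closed and name any [y/n] confirmation that still appears in its output, so an unexpected prompt fails the job instead of waiting for a keyboard. This is an added example, not Ambari code or part of the original report; `run_unattended`, `find_confirmations` and the `STAND_IN` script are hypothetical names, and the stand-in's exit on end-of-file is an assumption about how a prompting tool behaves.

```python
import re
import subprocess
import sys

# Confirmation prompts as printed in the sample run: "<question> [y/n] (<default>)?"
YN_PROMPT = re.compile(r"^[ \t]*(?P<question>.+?) \[y/n\] \([yn]\)\?", re.M)


def find_confirmations(output):
    """Return the text of every [y/n] question present in captured output."""
    return [m.group("question") for m in YN_PROMPT.finditer(output)]


def run_unattended(cmd, timeout=60):
    """Run cmd with stdin closed so a prompt cannot wait for a keyboard.

    Returns (exit_code, confirmations); exit_code is None if the timeout expired.
    """
    try:
        proc = subprocess.run(cmd, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE,
                              stderr=subprocess.STDOUT, text=True, timeout=timeout)
        return proc.returncode, find_confirmations(proc.stdout)
    except subprocess.TimeoutExpired as exc:
        out = exc.stdout or ""
        if isinstance(out, bytes):  # some Python versions return bytes here
            out = out.decode(errors="replace")
        return None, find_confirmations(out)


# Constructed stand-in for the tool (not Ambari code). It asks one question that
# an option already answered and one confirmation that reads stdin, and exits 1
# on end-of-file; how the real tool reacts to a closed stdin is an assumption.
STAND_IN = r'''
import sys
for q in ("Use SSL [true/false] (true): ",
          "Do you want to provide custom TrustStore for Ambari [y/n] (y)?"):
    sys.stdout.write(q)
    sys.stdout.flush()
    if "[y/n]" in q and not sys.stdin.readline():
        sys.exit(1)
    sys.stdout.write("\n")
'''

if __name__ == "__main__":
    code, questions = run_unattended([sys.executable, "-c", STAND_IN], timeout=10)
    print("exit code:", code)
    for q in questions:
        print("needs an answer:", q)
```

A non-empty list of confirmations, or an exit code of None, means the run was not fully driven by its command line options.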

            People

              smolnar Sandor Molnar