Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-9170

Principal creation for Active Directory accounts should be configurable

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      The properties used to create accounts in an Active Directory, related to principal creation, should be configurable such that a user may specify the required fields and their values (with variable replacement).

      This may be done using a simple structure like XML or JSON, however a template facility (like Jinja2) may be more useful since conditional paths may be built in. The template should be stored in the kerberos-env configuration.

      An example of a need for a conditional path in a template is related to service accounts vs user accounts. A service account (such as nn/_HOST@REALM) should have the servicePrincipalName field set to the service's principal, where this value shouldn't be set for a user account (such as hdfs@REALM).

      Attachments

        1. AMBARI-9170_01.patch
          73 kB
          Robert Levas
        2. AMBARI-9170_02.patch
          75 kB
          Robert Levas
        3. AMBARI-9170_03.patch
          76 kB
          Robert Levas

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            rlevas Robert Levas
            rlevas Robert Levas
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment