[jira] [Updated] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.

Mon, 23 May 2016 15:41:39 -0700 

     [ 
https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mingliang Liu updated HADOOP-13105:
-----------------------------------
    Attachment: HADOOP-13105.001.patch

Thanks [~cnauroth] for the suggestion. I had a look at minikdc and find it's 
not straightforward to simply extend it. Actually I figured out a way similar 
to your last comment {{TestWebHdfsTimeouts}}. The only magic is 
{{AUTHENTICATE_SUCCESS_MSG}}. I don't like this hacking message but this is the 
best I can tell. The bright side is that, we're testing both connect and read 
timeout using a dummy server. As you stated, the JNDI documentation clearly 
spells out how to set both connection and read timeout. But still, in case the 
JNDI env variables are not working in upstream package, we'll find it out 
sooner than later.

As to exploring ApacheDS for testing the LDAP mapping code, I like the idea. 
Thanks for letting me know the in-progress [HADOOP-8145] work, [~jojochuang]. 
Actually I was expecting something alike before I checked out the 
{{TestLdapGroupsMapping}}. I was disappointed that we were just mocking the 
stuff.

However, as 1) the change will bring new dependencies (ApacheDS test module), 
2) heavy to use (I personally don't like the aspect-like annotations) 3) I 
don't know easy way to make the server delay for a specific period, I suggest 
we consolidate the effort of testing these features against a real LDAP server 
along with other test cases in [HADOOP-8145], clearly in a new class as what's 
you're doing.

> Support timeouts in LDAP queries in LdapGroupsMapping.
> ------------------------------------------------------
>
>                 Key: HADOOP-13105
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13105
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Chris Nauroth
>            Assignee: Mingliang Liu
>         Attachments: HADOOP-13105.000.patch, HADOOP-13105.001.patch
>
>
> {{LdapGroupsMapping}} currently does not set timeouts on the LDAP queries.  
> This can create a risk of a very long/infinite wait on a connection.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to