[
https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16715554#comment-16715554
]
Lukas Majercak commented on HADOOP-15995:
-----------------------------------------
Thanks for the quick comment [~lmccay].
Say I have two providers:

    hadoop.security.group.mapping=org.apache.hadoop.security.CompositeGroupsMapping
    hadoop.security.group.mapping.providers=a,b
    hadoop.security.group.mapping.provider.a=org.apache.hadoop.security.LdapGroupsMapping
    hadoop.security.group.mapping.provider.b=org.apache.hadoop.security.LdapGroupsMapping
    hadoop.security.group.mapping.provider.a.ldap.bind.password=foo
    hadoop.security.group.mapping.provider.b.ldap.bind.password=bar

Both providers will use
"hadoop.security.group.mapping.provider.ldap.bind.password" as the alias to get
the password from config, i.e. they won't be distinguishable.

> LdapGroupsMapping should use the bind.password config value as credential
> alias
> -------------------------------------------------------------------------------
>
> Key: HADOOP-15995
> URL: https://issues.apache.org/jira/browse/HADOOP-15995
> Project: Hadoop Common
> Issue Type: Bug
> Components: common
> Reporter: Lukas Majercak
> Assignee: Lukas Majercak
> Priority: Major
> Attachments: HADOOP-15995.001.patch
>
>
> Currently, the property name hadoop.security.group.mapping.ldap.bind.password
> is used as an alias to get password from CredentialProviders. This has a big
> issue, which is that when we configure multiple LdapGroupsMapping providers
> through CompositeGroupsMapping, they will all have the same alias, and won't
> be able to be distinguished. The proposal is to use the value of the property
> instead, which would fix this issue.
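
The alias collision discussed in this thread, as an added example that is not part of the original message or of Hadoop's code: a plain Map stands in for the credential store, and the class name, method names and secret values are constructed for illustration. It assumes each provider reads its bind password under the same property name, as the issue describes, and it leaves out any clear-text fallback.

```java
import java.util.HashMap;
import java.util.Map;

public class AliasCollisionDemo {
    // Property name quoted in the issue description.
    static final String KEY = "hadoop.security.group.mapping.ldap.bind.password";

    // Behaviour the issue reports: the property NAME is the credential alias,
    // so every provider asks the store for the same entry and its own
    // configured value plays no part in the lookup (simplified sketch).
    static String byPropertyName(Map<String, String> conf, Map<String, String> store) {
        return store.get(KEY);
    }

    // Behaviour the issue proposes: the property VALUE is the credential alias.
    // Returning null for a missing alias is a choice made for this sketch.
    static String byPropertyValue(Map<String, String> conf, Map<String, String> store) {
        String alias = conf.get(KEY);
        return alias == null ? null : store.get(alias);
    }

    public static void main(String[] args) {
        // Constructed per-provider settings: providers a and b from the comment.
        Map<String, String> confA = Map.of(KEY, "foo");
        Map<String, String> confB = Map.of(KEY, "bar");

        // Constructed credential store: alias -> secret.
        Map<String, String> store = new HashMap<>();
        store.put(KEY, "secret-for-ldap-a"); // only one entry can live under this alias
        store.put("foo", "secret-for-ldap-a");
        store.put("bar", "secret-for-ldap-b");

        String nameA = byPropertyName(confA, store);
        String nameB = byPropertyName(confB, store);
        String valueA = byPropertyValue(confA, store);
        String valueB = byPropertyValue(confB, store);

        System.out.println("name as alias:  a=" + nameA + " b=" + nameB);
        System.out.println("value as alias: a=" + valueA + " b=" + valueB);

        // Fail the run if the two lookups do not behave as described.
        if (!nameA.equals(nameB) || valueA.equals(valueB)) {
            throw new IllegalStateException("unexpected alias resolution");
        }
    }
}
```

With the name as alias, provider b receives the secret stored for provider a, so its LDAP bind would use the wrong credential; with the value as alias, each provider resolves its own entry.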