[
https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16715548#comment-16715548
]
Larry McCay edited comment on HADOOP-15995 at 12/10/18 9:03 PM:
----------------------------------------------------------------
Hi [~lukmajercak] - can you explain why the current implementation which is
aligned with other previously configured passwords doesn't meet your needs?
Changing the behavior to use the value of the property rather than the key of
the property as the alias definitely makes it different from other properties
and it doesn't seem to even preserve the ability to use the key.
I see now that you have described it better - or I somehow misread it before. :)
My concern is that this is not backward compatible and that previously, not
only was the value not used but the property was not required to be configured
at all. Now, you would require it to be set AND the password be provisioned
with a different alias.
If this is only a Composite group lookup issue, maybe a new property would make
sense?
> LdapGroupsMapping should use the bind.password config value as credential
> alias
> -------------------------------------------------------------------------------
>
> Key: HADOOP-15995
> URL: https://issues.apache.org/jira/browse/HADOOP-15995
> Project: Hadoop Common
> Issue Type: Bug
> Components: common
> Reporter: Lukas Majercak
> Assignee: Lukas Majercak
> Priority: Major
> Attachments: HADOOP-15995.001.patch
>
>
> Currently, the property name hadoop.security.group.mapping.ldap.bind.password
> is used as an alias to get the password from CredentialProviders. This has a big
> issue, which is that when we configure multiple LdapGroupsMapping providers
> through CompositeGroupsMapping, they will all have the same alias, and won't
> be able to be distinguished. The proposal is to use the value of the property
> instead, which would fix this issue.
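
The three alias choices discussed in this thread, as an added example that is not part of the original message or of Hadoop's code: a small model showing the collision under the current behaviour, the backward-compatibility break under the proposal, and the separate-property alternative. The `.alias` property name, the provider names and the credential store contents are assumptions constructed for illustration.

```python
# Model of alias selection only; no Hadoop classes are used and any
# clear-text configuration fallback is not modelled.
BIND_PASSWORD_KEY = "hadoop.security.group.mapping.ldap.bind.password"
# Hypothetical name standing in for the "new property" floated in the thread.
BIND_PASSWORD_ALIAS_KEY = BIND_PASSWORD_KEY + ".alias"

# Constructed credential store contents: alias -> secret.
CRED_STORE = {
    BIND_PASSWORD_KEY: "secret-shared",
    "ldap-ad1-bind": "secret-ad1",
    "ldap-ad2-bind": "secret-ad2",
}

# Constructed provider configurations. "legacy" never sets the property,
# which the comment above says was previously allowed. ad1/ad2 set both
# properties so the same configuration can be run through every strategy.
CONFS = {
    "legacy": {},
    "ad1": {BIND_PASSWORD_KEY: "ldap-ad1-bind",
            BIND_PASSWORD_ALIAS_KEY: "ldap-ad1-bind"},
    "ad2": {BIND_PASSWORD_KEY: "ldap-ad2-bind",
            BIND_PASSWORD_ALIAS_KEY: "ldap-ad2-bind"},
}

def alias_from_key(conf):
    """Current behaviour in the issue: the property name is the alias."""
    return BIND_PASSWORD_KEY

def alias_from_value(conf):
    """Proposed behaviour: the property value is the alias (None if unset)."""
    return conf.get(BIND_PASSWORD_KEY)

def alias_from_new_property(conf):
    """Alternative: a separate property names the alias, else use the key."""
    return conf.get(BIND_PASSWORD_ALIAS_KEY, BIND_PASSWORD_KEY)

STRATEGIES = {"key": alias_from_key, "value": alias_from_value,
              "new_property": alias_from_new_property}

def compare(confs):
    """Return {strategy: {provider: secret or None}} for every combination."""
    return {label: {name: CRED_STORE.get(pick(conf))
                    for name, conf in confs.items()}
            for label, pick in STRATEGIES.items()}

if __name__ == "__main__":
    for label, result in compare(CONFS).items():
        print(label, result)
```

Under `key` every provider resolves the same secret, under `value` the unconfigured `legacy` provider resolves nothing, and under `new_property` both cases resolve as intended.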