[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16715560#comment-16715560 ]
Larry McCay commented on HADOOP-15995: -------------------------------------- I see [~lukmajercak], so can we make a change where we add the notion of the provider qualified properties? Where the caller will need to know which provider they are accessing and make a call for properties more closely resembling: hadoop.security.group.mapping.provider.a.ldap.bind.password hadoop.security.group.mapping.provider.b.ldap.bind.password That would leave the use of a single LdapGroupsMapping and existing deployments whole while accommodating the extended semantics that you need. Note: I have not dug into who would need that context and how it would be acquired yet. > LdapGroupsMapping should use the bind.password config value as credential > alias > ------------------------------------------------------------------------------- > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common > Reporter: Lukas Majercak > Assignee: Lukas Majercak > Priority: Major > Attachments: HADOOP-15995.001.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. The proposal is to use the value of the property > instead, which would fix this issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org