[
https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16715569#comment-16715569
]
Lukas Majercak commented on HADOOP-15995:
-----------------------------------------
Mm, not sure about adding a new property, as the password management is already
quite convoluted in the ldapgroupsmapping. For your second suggestion, we would
need to change the logic in CompositeGroupsMapping, as it currently creates a
copy of the config and populates the needed configuration keys and stripping
the provider name.
> LdapGroupsMapping should use the bind.password config value as credential
> alias
> -------------------------------------------------------------------------------
>
> Key: HADOOP-15995
> URL: https://issues.apache.org/jira/browse/HADOOP-15995
> Project: Hadoop Common
> Issue Type: Bug
> Components: common
> Reporter: Lukas Majercak
> Assignee: Lukas Majercak
> Priority: Major
> Attachments: HADOOP-15995.001.patch
>
>
> Currently, the property name hadoop.security.group.mapping.ldap.bind.password
> is used as an alias to get password from CredentialProviders. This has a big
> issue, which is that when we configure multiple LdapGroupsMapping providers
> through CompositeGroupsMapping, they will all have the same alias, and won't
> be able to be distinguished. The proposal is to use the value of the property
> instead, which would fix this issue.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
