[
https://issues.apache.org/jira/browse/HADOOP-16525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16912726#comment-16912726
]
Todd Lipcon commented on HADOOP-16525:
--------------------------------------
One potential wrinkle in this patch: do we currently consider the _first_ group
to be "primary" in the unix group mapping? I seem to recall we had some special
treatment of the first element in the returned list, in which case this patch
probably should move that primary group to the front before returning results.
Another question is whether this should be on or off by default. In this patch
it's on by default but for compat reasons maybe best not to do that?
> LDAP group mapping should include primary posix group
> -----------------------------------------------------
>
> Key: HADOOP-16525
> URL: https://issues.apache.org/jira/browse/HADOOP-16525
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Major
> Attachments: hadoop-16525.txt
>
>
> When configuring LdapGroupsMapping against FreeIPA, the current
> implementation searches for groups which have the user listed as a member.
> This catches all "secondary" groups but misses the user's primary group
> (typically the same name as their username). We should include a search for a
> group matching the user's primary gidNumber in the group search.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
