[ https://issues.apache.org/jira/browse/HADOOP-16525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16912735#comment-16912735 ]

Todd Lipcon commented on HADOOP-16525:
--------------------------------------

Worth noting that this case isn't handled properly by the "isPosix" path 
currently in the code. Namely, with FreeIPA, the 'member' attributes of the 
groups refer to the user by DN rather than by UID.

Regarding the "primary group" issue, it already seems like there are some bugs 
here in that I don't think LDAP guarantees any ordering of its results, so for 
the existing ID-based POSIX path we don't return the primary one first. 
[~liuml07] [~giovanni.fumarola] [~lukmajercak] [~dapengsun] it looks like you 
folks may have worked on this code most recently. Mind giving your thoughts on 
this path?

> LDAP group mapping should include primary posix group
> -----------------------------------------------------
>
>                 Key: HADOOP-16525
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16525
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Major
>         Attachments: hadoop-16525.txt
>
>
> When configuring LdapGroupsMapping against FreeIPA, the current 
> implementation searches for groups which have the user listed as a member. 
> This catches all "secondary" groups but misses the user's primary group 
> (typically the same name as their username). We should include a search for a 
> group matching the user's primary gidNumber in the group search.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)
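
An added example, not part of the original message and not Hadoop's own code: a small in-memory model of the group lookup discussed in this issue, over constructed FreeIPA-style entries. It shows a member-by-DN search missing the primary group, a UID-keyed match finding nothing, and a combined search that adds the gidNumber match and puts the primary group first by explicit sorting; all function and entry names are hypothetical.

```python
# Constructed sample entries (not from a real directory). Groups list
# members by DN, and the primary group has no member value for the user.
BASE = "cn=accounts,dc=example,dc=test"
ALICE_DN = f"uid=alice,cn=users,{BASE}"
DIRECTORY = [
    {"dn": ALICE_DN, "objectClass": {"posixAccount"},
     "uid": "alice", "gidNumber": 5001},
    {"dn": f"cn=alice,cn=groups,{BASE}", "objectClass": {"posixGroup"},
     "cn": "alice", "gidNumber": 5001, "member": []},
    {"dn": f"cn=etl,cn=groups,{BASE}", "objectClass": {"posixGroup"},
     "cn": "etl", "gidNumber": 6001, "member": [ALICE_DN]},
    {"dn": f"cn=admins,cn=groups,{BASE}", "objectClass": {"posixGroup"},
     "cn": "admins", "gidNumber": 6002, "member": [ALICE_DN]},
]

def find_user(entries, uid):
    return next(e for e in entries
                if "posixAccount" in e["objectClass"] and e["uid"] == uid)

def search_groups(entries, predicate):
    # LDAP does not guarantee result order; reversed() stands in for
    # "whatever order the server happens to return".
    return [e for e in reversed(entries)
            if "posixGroup" in e["objectClass"] and predicate(e)]

def member_only_groups(entries, uid):
    """Groups that list the user's DN as a member: secondary groups only."""
    user = find_user(entries, uid)
    hits = search_groups(entries, lambda g: user["dn"] in g.get("member", []))
    return [g["cn"] for g in hits]

def uid_keyed_groups(entries, uid):
    """Assumed UID-keyed match: compares the bare UID against member values."""
    hits = search_groups(entries, lambda g: uid in g.get("member", []))
    return [g["cn"] for g in hits]

def groups_with_primary(entries, uid):
    """Member-by-DN match OR gidNumber match, primary group sorted first."""
    user = find_user(entries, uid)
    hits = search_groups(
        entries,
        lambda g: user["dn"] in g.get("member", [])
        or g["gidNumber"] == user["gidNumber"])
    # Order explicitly instead of trusting the order of search results.
    hits.sort(key=lambda g: (g["gidNumber"] != user["gidNumber"], g["cn"]))
    return [g["cn"] for g in hits]

if __name__ == "__main__":
    print(member_only_groups(DIRECTORY, "alice"))
    print(uid_keyed_groups(DIRECTORY, "alice"))
    print(groups_with_primary(DIRECTORY, "alice"))
```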
