[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13225563#comment-13225563 ]

Allen Wittenauer commented on HADOOP-8121:
------------------------------------------

1) hadoop.security.group.mapping.ldap.bind.password should not be in the hadoop 
conf file.  This should be a pointer to a file that contains the password or 
be stored in the keystore.

2) I think the description for 
hadoop.security.group.mapping.ldap.search.filter.user is a bit confusing.  
Instead of "generic LDAP servers" just come out and say "non-AD schemas".  
Additionally, I'd replace "will likely" with "should be".  

3) I think the documentation needs to be clear about the conditions under which 
this provider is required.  This is especially important given that this a) will 
likely be unnecessary on the vast majority of properly configured systems and 
b) bypasses the caching that happens at the OS level, so could be a potential 
performance hit.
                
> Active Directory Group Mapping Service
> --------------------------------------
>
>                 Key: HADOOP-8121
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8121
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>            Reporter: Jonathan Natkins
>            Assignee: Jonathan Natkins
>         Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, 
> HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly 
> to an Active Directory setup to get group memberships

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
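
An added example, not part of the original comment or the HADOOP-8121 patch: a small audit of a Hadoop configuration file for point 1 above. It flags an inline `hadoop.security.group.mapping.ldap.bind.password` value and, when a password file is referenced instead, checks that the file exists and is not group- or world-accessible. The `.file` property name is an assumption here (it is not named in this thread), and the sample configuration is constructed.

```python
import os
import stat
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Property named in the comment above.
INLINE = "hadoop.security.group.mapping.ldap.bind.password"
# Assumption: file-pointer property name, not named in this thread.
FILE_POINTER = INLINE + ".file"

def load_props(xml_text):
    """Return {name: value} from a Hadoop <configuration> document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit_bind_password(xml_text):
    """Return findings about how the LDAP bind password is supplied."""
    props = load_props(xml_text)
    findings = []
    if props.get(INLINE):
        # Secret sits in the conf file itself, readable by anyone who can read it.
        findings.append("inline-password")
    path = props.get(FILE_POINTER)
    if path:
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except OSError:
            findings.append("password-file-missing")
        else:
            # Any group or other permission bit exposes the secret beyond its owner.
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append("password-file-group-or-world-accessible")
    return findings

def sample_conf(props):
    """Build a constructed core-site.xml fragment from a dict (sample input)."""
    body = "".join(
        f"<property><name>{escape(k)}</name><value>{escape(v)}</value></property>"
        for k, v in props.items())
    return f"<configuration>{body}</configuration>"

if __name__ == "__main__":
    # Constructed sample: password written directly into the configuration.
    print(audit_bind_password(sample_conf({INLINE: "constructed-secret"})))
```
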

        
