[jira] [Commented] (HADOOP-8088) User-group mapping cache incorrectly does negative caching on transient failures

Fri, 16 Mar 2012 11:04:03 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-8088?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13231463#comment-13231463
 ] 

Devaraj Das commented on HADOOP-8088:
-------------------------------------

Thinking about it, it may make sense to not cache negatives at all (I don't 
think the original implementation aimed to handle this use-case). I can't 
imagine a situation where we'd have many queries for non-existent users (so 
we'd still be fine with not overloading the infrastructure, like ldap, which 
was the primary motivation for the cache). Does that make sense?
                
> User-group mapping cache incorrectly does negative caching on transient 
> failures
> --------------------------------------------------------------------------------
>
>                 Key: HADOOP-8088
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8088
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.20.205.0, 0.24.0, 0.23.1, 1.0.0, 1.1.0
>            Reporter: Kihwal Lee
>             Fix For: 0.24.0, 1.1.0, 0.23.2
>
>         Attachments: hadoop-8088-branch-1.patch, hadoop-8088-trunk.patch, 
> hadoop-8088-trunk.patch
>
>
> We've seen a case where some getGroups() calls fail when the ldap server or 
> the network is having transient failures. Looking at the code, the 
> shell-based and the JNI-based implementations swallow exceptions and return 
> an empty or partial list. The caller, Groups#getGroups() adds this likely 
> empty list into the mapping cache for the user. This will function as 
> negative caching until the cache expires. I don't think we want negative 
> caching here, but even if we do, it should be intelligent enough to 
> distinguish transient failures from ENOENT. The log message in the jni-based 
> impl also needs an improvement. It should print what exception it encountered 
> instead of just saying one happened.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to