[jira] [Commented] (HADOOP-9125) LdapGroupsMapping threw CommunicationException after some idle time

Jonathan Natkins (JIRA) Tue, 11 Dec 2012 12:55:22 -0800

    [ 
https://issues.apache.org/jira/browse/HADOOP-9125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13529329#comment-13529329
 ]


Jonathan Natkins commented on HADOOP-9125:
------------------------------------------

That seems like a relatively reasonable fix to me. The only thing I'm not sure 
of is which exception gets thrown if the connection fails due to the LDAP 
server being legitimately down, or something along those lines. You wouldn't 
want to spam the system with connection attempts that will never succeed.
                
> LdapGroupsMapping threw CommunicationException after some idle time
> -------------------------------------------------------------------
>
>                 Key: HADOOP-9125
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9125
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.23.3, 2.0.0-alpha
>            Reporter: Kai Zheng
>             Fix For: 2.0.3-alpha
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> LdapGroupsMapping threw exception as below after some idle time. During the 
> idle time no call to the group mapping provider should be made to repeat it.
> 2012-12-07 02:20:59,738 WARN org.apache.hadoop.security.LdapGroupsMapping: 
> Exception trying to get groups for user aduser2
> javax.naming.CommunicationException: connection closed [Root exception is 
> java.io.IOException: connection closed]; remaining name 
> 'CN=Users,DC=EXAMPLE,DC=COM'
>         at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1983)
>         at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1827)
>         at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
>         at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
>         at 
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:394)
>         at 
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
>         at 
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
>         at 
> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
>         at 
> org.apache.hadoop.security.LdapGroupsMapping.getGroups(LdapGroupsMapping.java:187)
>         at 
> org.apache.hadoop.security.CompositeGroupsMapping.getGroups(CompositeGroupsMapping.java:97)
>         at org.apache.hadoop.security.Groups.doGetGroups(Groups.java:103)
>         at org.apache.hadoop.security.Groups.getGroups(Groups.java:70)
>         at 
> org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1035)
>         at org.apache.hadoop.hbase.security.User.getGroupNames(User.java:90)
>         at 
> org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:355)
>         at 
> org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:379)
>         at 
> org.apache.hadoop.hbase.security.access.AccessController.getUserPermissions(AccessController.java:1051)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at 
> org.apache.hadoop.hbase.regionserver.HRegion.exec(HRegion.java:4914)
>         at 
> org.apache.hadoop.hbase.regionserver.HRegionServer.execCoprocessor(HRegionServer.java:3546)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at 
> org.apache.hadoop.hbase.ipc.SecureRpcEngine$Server.call(SecureRpcEngine.java:372)
>         at 
> org.apache.hadoop.hbase.ipc.HBaseServer$Handler.run(HBaseServer.java:1399)
> Caused by: java.io.IOException: connection closed
>         at com.sun.jndi.ldap.LdapClient.ensureOpen(LdapClient.java:1558)
>         at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:503)
>         at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1965)
>         ... 28 more
> 2012-12-07 02:20:59,739 WARN org.apache.hadoop.security.UserGroupInformation: 
> No groups available for user aduser2

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HADOOP-9125) LdapGroupsMapping threw CommunicationException after some idle time

Reply via email to