[ 
https://issues.apache.org/jira/browse/HADOOP-9477?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13649350#comment-13649350
 ] 

Dapeng Sun commented on HADOOP-9477:
------------------------------------

Hi, Kai

As you note, regarding posix account we also need to consider multiple groups. 
We can use memberUid against posixGroups to get more groups. Thus the overall 
procedure would be:

userDn = ldap_lookup((&(objectClass=posixAccount)(cn={0})), userName)

gidNumber = userDn.gidNumber
uidNumber = userDn.uidNumber
groupDnList = ldap_lookup((&(objectClass=posixGroup)(|(gidNumber={0})(memberUid={1}))), [gidNumber, uidNumber])

For details, please see my patch.

                
> posixGroups support for LDAP groups mapping service
> ---------------------------------------------------
>
>                 Key: HADOOP-9477
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9477
>             Project: Hadoop Common
>          Issue Type: Improvement
>    Affects Versions: 2.0.4-alpha
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>             Fix For: 2.0.5-beta
>
>         Attachments: HADOOP-9477.patch
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> It would be nice to support posixGroups for LdapGroupsMapping service. Below 
> is from current description for the provider:
> hadoop.security.group.mapping.ldap.search.filter.group:
> An additional filter to use when searching for LDAP groups. This should be
> changed when resolving groups against a non-Active Directory installation.
> posixGroups are currently not a supported group class.

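The two-step lookup from the comment above, as an added Python sketch that is not part of the HADOOP-9477 patch or of Hadoop's code. It fills the comment's two filters with RFC 4515 escaping, so a user name is always matched literally, and resolves groups against a small constructed in-memory directory; the helper names and the sample entries are assumptions made for illustration.

```python
import re

# Filter templates from the comment above ({n} are positional parameters).
USER_FILTER = "(&(objectClass=posixAccount)(cn={0}))"
GROUP_FILTER = "(&(objectClass=posixGroup)(|(gidNumber={0})(memberUid={1})))"

def escape_value(value):
    """Escape an assertion value per RFC 4515 so it is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def fill(template, *values):
    """Substitute every {n} in a single pass, escaping each value."""
    return re.sub(r"\{(\d+)\}",
                  lambda m: escape_value(str(values[int(m.group(1))])),
                  template)

# Constructed sample directory (not real data). memberUid holds the value the
# comment passes as {1} (uidNumber); directories that follow RFC 2307 list
# login names there, in which case the login name is passed as {1} instead.
ACCOUNTS = [
    {"cn": "alice", "uidNumber": "1001", "gidNumber": "500"},
    {"cn": "bob", "uidNumber": "1002", "gidNumber": "501"},
]
GROUPS = [
    {"cn": "staff", "gidNumber": "500", "memberUid": []},
    {"cn": "hadoop", "gidNumber": "600", "memberUid": ["1001", "1002"]},
    {"cn": "ops", "gidNumber": "501", "memberUid": []},
]

def resolve_groups(user_name):
    """Return (user filter, group filter, group names) for one user name."""
    user_filter = fill(USER_FILTER, user_name)
    # The escaped filter asks for a literal cn match, so compare literally.
    hits = [a for a in ACCOUNTS if a["cn"] == user_name]
    if len(hits) != 1:  # unknown or ambiguous user: no groups
        return user_filter, None, []
    acct = hits[0]
    group_filter = fill(GROUP_FILTER, acct["gidNumber"], acct["uidNumber"])
    # Same condition as the OR clause: primary group by gidNumber,
    # supplementary groups by membership in memberUid.
    names = [g["cn"] for g in GROUPS
             if g["gidNumber"] == acct["gidNumber"]
             or acct["uidNumber"] in g["memberUid"]]
    return user_filter, group_filter, names
```

In the sample data alice is not listed in the memberUid of her primary group, which is why the group filter needs the gidNumber branch as well as the memberUid branch.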