[
https://issues.apache.org/jira/browse/HADOOP-8943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14044523#comment-14044523
]
Kai Zheng commented on HADOOP-8943:
-----------------------------------
Brandon, I slightly updated the patch to reference the def in
CommonConfigurationKeysPublic. I agree we should use the API but I would think
it could be better that CommonConfigurationKeysPublic should be in the right
package, like org.apache.hadoop.common instead of org.apache.hadoop.fs, which
would help common facility codes like security related avoid coupling with fs
stuff. For this I will open a new JIRA to document. Thanks.
> Support multiple group mapping providers
> ----------------------------------------
>
> Key: HADOOP-8943
> URL: https://issues.apache.org/jira/browse/HADOOP-8943
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Kai Zheng
> Assignee: Kai Zheng
> Fix For: 2.5.0
>
> Attachments: HADOOP-8943.patch, HADOOP-8943.patch, HADOOP-8943.patch,
> hadoop-8943-v2.patch, hadoop-8943-v3.patch, hadoop-8943-v4.patch
>
> Original Estimate: 504h
> Remaining Estimate: 504h
>
> Discussed with Natty about LdapGroupMapping, we need to improve it so that:
> 1. It's possible to do different group mapping for different
> users/principals. For example, AD user should go to LdapGroupMapping service
> for group, but service principals such as hdfs, mapred can still use the
> default one ShellBasedUnixGroupsMapping;
> 2. Multiple ADs can be supported to do LdapGroupMapping;
> 3. It's possible to configure what kind of users/principals (regarding
> domain/realm is an option) should use which group mapping service/mechanism.
> 4. It's possible to configure and combine multiple existing mapping providers
> without writing codes implementing new one.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
