[
https://issues.apache.org/jira/browse/HADOOP-5851?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
zhiyong zhang updated HADOOP-5851:
----------------------------------
Attachment: HADOOP-5851.patch
use hostname.split("[-\\.]") to extract servlet context path (war file name)
> proxy to call LDAP for IP lookup and get user ID and directories, validate
> requested URL
> ----------------------------------------------------------------------------------------
>
> Key: HADOOP-5851
> URL: https://issues.apache.org/jira/browse/HADOOP-5851
> Project: Hadoop Core
> Issue Type: New Feature
> Components: contrib/hdfsproxy
> Reporter: zhiyong zhang
> Assignee: zhiyong zhang
> Priority: Critical
> Attachments: HADOOP-5851.patch, HADOOP-5851.patch
>
>
> It is easy to manage user accounts using LDAP. by adding support for LDAP,
> proxy can do IP authorization in a headless fashion.
> when a user send a request, proxy extract IP address and request PathInfo
> from the request. then it searches the LDAP server to get the allowed HDFS
> root paths given the IP address. Proxy will match the user request PathInfo
> with the allowed HDFS root path, return 403 if it could not find a match.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
