[
https://issues.apache.org/jira/browse/KNOX-461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15987272#comment-15987272
]
Ryan LaMothe commented on KNOX-461:
-----------------------------------
[~lmccay] Thank you for the quick response! PAM would not work for us, for a
variety of reasons, although we are currently migrating all cluster nodes to
SSSD w/group lookups so it may be worth investigating in the future. I was
unaware of the Hadoop Group Lookup Provider, that may just work for us, as we
already have the rest of our Hadoop services looking up AD/LDAP groups
correctly. We'll give it a try and get back to you if it doesn't meet our
needs. Thanks again!
> Leverage Directory Computed Attribute for User Group Discovery
> ---------------------------------------------------------------
>
> Key: KNOX-461
> URL: https://issues.apache.org/jira/browse/KNOX-461
> Project: Apache Knox
> Issue Type: Improvement
> Reporter: Dilli Arumugam
> Priority: Critical
> Fix For: Future
>
>
> Leverage Directory Computed Attribute for User Group Discovery
> We should use computed attribute memberof supported by Active Driectory to
> discover groups of the authenticated user. This would significantly boost
> performance as compared we computing groups using group search.
> OpenLDAP also could be configured to return computed groups.
> However, OpenLDAP would return this attribute as memberof.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
