Author: atm
Date: Tue Mar 20 01:00:14 2012
New Revision: 1302740
URL: http://svn.apache.org/viewvc?rev=1302740&view=rev
Log:
HADOOP-8121. Active Directory Group Mapping Service. Contributed by Jonathan
Natkins.
Modified:
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml
Modified:
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml?rev=1302740&r1=1302739&r2=1302740&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml
(original)
+++
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml
Tue Mar 20 01:00:14 2012
@@ -98,6 +98,12 @@ The default implementation, <code>org.ap
to the Unix <code>bash -c groups</code> command to resolve a list of groups
for a user.
</p>
<p>
+An alternate implementation, which connects directly to an LDAP server to
resolve the list of groups, is available
+via <code>org.apache.hadoop.security.LdapGroupsMapping</code>. However, this
provider should only be used if the
+required groups reside exclusively in LDAP, and are not materialized on the
Unix servers. More information on
+configuring the group mapping service is available in the Javadocs.
+</p>
+<p>
For HDFS, the mapping of users to groups is performed on the NameNode. Thus,
the host system configuration of
the NameNode determines the group mappings for the users.
</p>
