[jira] [Commented] (HDFS-7146) NFS ID/Group lookup requires SSSD enumeration on the server

Fri, 14 Nov 2014 14:38:01 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-7146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14212985#comment-14212985
 ] 

Brandon Li commented on HDFS-7146:
----------------------------------

{quote}
The defaulyStaticIdMappingFile was introduced in the HADOOP-11195, and I 
actually have removed it in rev 004. Would you please indicate the place you 
were looking at?{quote}
My bad. I looked into the wrong side of the diff.
{quote}Relaxing the platform support is a different issue to solve and it seems 
deserving a separate jira, what do you think?{quote}
I am ok with either fixing it here or a different JIRA.
{quote}I introduced this for testing purpose. {quote}
Please add java doc for it. Also, it would to nice to add the solution in the 
class java doc.


> NFS ID/Group lookup requires SSSD enumeration on the server
> -----------------------------------------------------------
>
>                 Key: HDFS-7146
>                 URL: https://issues.apache.org/jira/browse/HDFS-7146
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: nfs
>    Affects Versions: 2.6.0
>            Reporter: Yongjun Zhang
>            Assignee: Yongjun Zhang
>         Attachments: HDFS-7146.001.patch, HDFS-7146.002.allIncremental.patch, 
> HDFS-7146.003.patch, HDFS-7146.004.patch
>
>
> The current implementation of the NFS UID and GID lookup works by running 
> 'getent passwd' with an assumption that it will return the entire list of 
> users available on the OS, local and remote (AD/etc.).
> This behaviour of the command is advised to be and is prevented by 
> administrators in most secure setups to avoid excessive load to the ADs 
> involved, as the # of users to be listed may be too large, and the repeated 
> requests of ALL users not present in the cache would be too much for the AD 
> infrastructure to bear.
> The NFS server should likely do lookups based on a specific UID request, via 
> 'getent passwd <UID>', if the UID does not match a cached value. This reduces 
> load on the LDAP backed infrastructure.
> Thanks [~qwertymaniac] for reporting the issue.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to