[
https://issues.apache.org/jira/browse/HDFS-9956?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15193536#comment-15193536
]
Wei-Chiu Chuang commented on HDFS-9956:
---------------------------------------
Hi [~sanjayvamanna] thanks for reporting the issue and offering workarounds.
The parameter {{hadoop.security.group.mapping.ldap.directory.search.timeout}}
is supposed to stop queries if it goes over time. Would this parameter work in
your scenario?
> LDAP PERFORMANCE ISSUE AND FAIL OVER
> ------------------------------------
>
> Key: HDFS-9956
> URL: https://issues.apache.org/jira/browse/HDFS-9956
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: sanjay kenganahalli vamanna
>
> The typical LDAP group name resolution works well under typical scenarios.
> However, we have seen cases where a user is mapped to many groups (in an
> extreme case, a user is mapped to more than 100 groups). The way it's being
> implemented now makes this case super slow resolving groups from
> ActiveDirectory and making the namenode to failover.
> Instead of failover, we can use the
> parameter(ha.zookeeper.session-timeout.ms) in the getgroups method to
> time-out and send the failed response back to the user so that we can prevent
> name node failover.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
