[
https://issues.apache.org/jira/browse/HDFS-9956?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15193640#comment-15193640
]
sanjay kenganahalli vamanna commented on HDFS-9956:
---------------------------------------------------
ha.zookeeper.session-timeout.ms, default is 5 secs, this default has to be
greater than hadoop.security.group.mapping.ldap.directory.search.timeout
(default 10 sec). We increased "ha.zookeeper.session-timeout.ms" to 20 secs but
still have an issue.
> LDAP PERFORMANCE ISSUE AND FAIL OVER
> ------------------------------------
>
> Key: HDFS-9956
> URL: https://issues.apache.org/jira/browse/HDFS-9956
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: sanjay kenganahalli vamanna
>
> The typical LDAP group name resolution works well under typical scenarios.
> However, we have seen cases where a user is mapped to many groups (in an
> extreme case, a user is mapped to more than 100 groups). The way it's being
> implemented now makes this case super slow resolving groups from
> ActiveDirectory and making the namenode to failover.
> Instead of failover, we can use the
> parameter(ha.zookeeper.session-timeout.ms) in the getgroups method to
> time-out and send the failed response back to the user so that we can prevent
> name node failover.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
