[ https://issues.apache.org/jira/browse/HDFS-7146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14150146#comment-14150146 ]
Allen Wittenauer commented on HDFS-7146: ---------------------------------------- A quick primer on OS X naming services.... Apple uses a system called Directory Services. [dscl = Directory Services Command Line (utility)] It's based upon NextStep's NetInfo idea where objects are organized in a pseudo-directory layout with certain top level structures being an amalgamation of all of the services. So, for example, if a system is configured with LDAP and Files, /Users will be /etc/passwd + LDAP ou=people (or whatever). But you can specify /LDAPv3/server/Users to get specifically the LDAP part. This is similar to how nsswitch and sssd works on other OSes, but with more structure. This used to be a lot easier, but now if you go through System Preferences -> Users & Groups -> Login Options -> Network Account Server-> Join... you'll get to Directory Utility which allows you to add multiple sources for authentication and other naming services. (I've been doing this stuff for way too long. *sigh*) > NFS ID/Group lookup requires SSSD enumeration on the server > ----------------------------------------------------------- > > Key: HDFS-7146 > URL: https://issues.apache.org/jira/browse/HDFS-7146 > Project: Hadoop HDFS > Issue Type: Bug > Components: nfs > Affects Versions: 2.6.0 > Reporter: Yongjun Zhang > Assignee: Yongjun Zhang > > The current implementation of the NFS UID and GID lookup works by running > 'getent passwd' with an assumption that it will return the entire list of > users available on the OS, local and remote (AD/etc.). > This behaviour of the command is advised to be and is prevented by > administrators in most secure setups to avoid excessive load to the ADs > involved, as the # of users to be listed may be too large, and the repeated > requests of ALL users not present in the cache would be too much for the AD > infrastructure to bear. > The NFS server should likely do lookups based on a specific UID request, via > 'getent passwd <UID>', if the UID does not match a cached value. This reduces > load on the LDAP backed infrastructure. > Thanks [~qwertymaniac] for reporting the issue. -- This message was sent by Atlassian JIRA (v6.3.4#6332)