Author: harsh
Date: Tue Apr 30 03:06:06 2013
New Revision: 1477458
URL: http://svn.apache.org/r1477458
Log:
HADOOP-9322. LdapGroupsMapping doesn't seem to set a timeout for its directory
search. Contributed by Harsh J. (harsh)
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1477458&r1=1477457&r2=1477458&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
(original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Tue Apr
30 03:06:06 2013
@@ -577,6 +577,9 @@ Release 2.0.5-beta - UNRELEASED
HADOOP-9503. Remove sleep between IPC client connect timeouts.
(Varun Sharma via szetszwo)
+ HADOOP-9322. LdapGroupsMapping doesn't seem to set a timeout for
+ its directory search. (harsh)
+
OPTIMIZATIONS
HADOOP-9150. Avoid unnecessary DNS resolution attempts for logical URIs
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java?rev=1477458&r1=1477457&r2=1477458&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
Tue Apr 30 03:06:06 2013
@@ -144,7 +144,15 @@ public class LdapGroupsMapping
*/
public static final String GROUP_NAME_ATTR_KEY = LDAP_CONFIG_PREFIX +
".search.attr.group.name";
public static final String GROUP_NAME_ATTR_DEFAULT = "cn";
-
+
+ /*
+ * LDAP {@link SearchControls} attribute to set the time limit
+ * for an invoked directory search. Prevents infinite wait cases.
+ */
+ public static final String DIRECTORY_SEARCH_TIMEOUT =
+ LDAP_CONFIG_PREFIX + ".directory.search.timeout";
+ public static final int DIRECTORY_SEARCH_TIMEOUT_DEFAULT = 10000; // 10s
+
private static final Log LOG = LogFactory.getLog(LdapGroupsMapping.class);
private static final SearchControls SEARCH_CONTROLS = new SearchControls();
@@ -326,6 +334,9 @@ public class LdapGroupsMapping
groupNameAttr =
conf.get(GROUP_NAME_ATTR_KEY, GROUP_NAME_ATTR_DEFAULT);
+ int dirSearchTimeout = conf.getInt(DIRECTORY_SEARCH_TIMEOUT,
DIRECTORY_SEARCH_TIMEOUT_DEFAULT);
+ SEARCH_CONTROLS.setTimeLimit(dirSearchTimeout);
+
this.conf = conf;
}
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml?rev=1477458&r1=1477457&r2=1477458&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
Tue Apr 30 03:06:06 2013
@@ -213,6 +213,17 @@
</property>
<property>
+ <name>hadoop.security.group.mapping.ldap.directory.search.timeout</name>
+ <value>10000</value>
+ <description>
+ The attribute applied to the LDAP SearchControl properties to set a
+ maximum time limit when searching and awaiting a result.
+ Set to 0 if infinite wait period is desired.
+ Default is 10 seconds. Units in milliseconds.
+ </description>
+</property>
+
+<property>
<name>hadoop.security.service.user.name.key</name>
<value></value>
<description>
