Jeszy, That's exactly what I did. Impala simply picks up groups from the underlying OS and the OS is connected to LDAP. It works really great. Thank you very much for taking the time to guide me in the right direction.
On Sun, Mar 3, 2019 at 12:40 PM Jeszy <jes...@gmail.com> wrote: > Yeah that helps. Impala relies on Hadoop's UserGroupInformation class > for user:group mappings. You can configure Impala the same way you > would configure any other HDFS client (see > > https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/GroupsMapping.html > ), > through core-site.xml. The daemons' webUI's /hadoop_varz page lists > the currently picked up values. > Most setups I've seen use a service such as SSSD or Centrify instead > of hitting the LDAP server directly. That way the default user:group > mapping (ShellBasedUnixGroupsMapping) works well. > > HTH > > On Fri, 1 Mar 2019 at 16:42, Grzegorz Solecki <gsolec...@gmail.com> wrote: > > > > Jeszy, > > > > I appreciate your response and thank you for sharing the link. > > Unfortunately, the link you sent tells about how to configure the > transformation of the username before Impala sends it to the LDAP server > for authentication against a user list e.g. DN > 'ou=People,dc=localnet,dc=com' > > But my question goes a step further, i.e. if the user has already been > authenticated, the Impala needs to know groups the user is a member of. > > That means Impala needs to know the location of a group list e.g. DN > 'ou=Group,dc=localnet,dc=com' or 'ou=UserGroups,dc=localnet,dc=com' or > something like that. > > So where is the place to configure groups DN in Impala. > > I hope makes my question clear. > > > > > > On Thu, Feb 28, 2019, 18:18 Jeszy <jes...@gmail.com> wrote: > >> > >> Hello, > >> > >> Does this link help? > >> > https://www.cloudera.com/documentation/enterprise/latest/topics/impala_ldap.html#ldap_bind_strings > >> Specifically, ldap_bind_pattern. > >> > >> Jeszy > >> > >> On Thu, 28 Feb 2019 at 22:57, Grzegorz Solecki <gsolec...@gmail.com> > wrote: > >> > > >> > I am setting up Impala with LDAP but I do not see ability to > configure Groups CN. > >> > Could you please let me know how impala with LDAP know groups for a > particular user? > >> > Thanks in advance. >
