hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Douglas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-5851) proxy to call LDAP for IP lookup and get user ID and directories, validate requested URL
Date Tue, 23 Jun 2009 23:25:07 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-5851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12723360#action_12723360
] 

Chris Douglas commented on HADOOP-5851:
---------------------------------------

The patch needs to be regenerated for the code split.

The contents look fine, though I'd like to see the TrustManager path completely replace the
System.setProperty idiom now that it is understood. The only other minor nit would be here:
{noformat}
+        if (LOG.isDebugEnabled())
+          e.printStackTrace();
{noformat}
Using {{LOG.debug("Useful message", e)}} is more standard.

> proxy to call LDAP for IP lookup and get user ID and directories, validate requested
URL
> ----------------------------------------------------------------------------------------
>
>                 Key: HADOOP-5851
>                 URL: https://issues.apache.org/jira/browse/HADOOP-5851
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: contrib/hdfsproxy
>            Reporter: zhiyong zhang
>            Assignee: zhiyong zhang
>            Priority: Critical
>         Attachments: HADOOP-5851.patch, HADOOP-5851.patch, HADOOP-5851.patch, HADOOP-5851.patch
>
>
> It is easy to manage user accounts using LDAP. by adding support for LDAP, proxy can
do IP authorization in a headless fashion. 
> when a user send a request, proxy extract IP address and request PathInfo from the request.
then it searches the LDAP server to get the allowed HDFS root paths given the IP address.
Proxy will match the user request PathInfo with the allowed HDFS root path, return 403 if
it could not find a match. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message