hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zheng, Kai" <kai.zh...@intel.com>
Subject Questions and possible improvements for LdapGroupsMapping
Date Fri, 19 Oct 2012 00:32:06 GMT
Hi All,

Regarding LdapGroupsMapping, I have following questions:


1.       Is it possible to use ShellBasedUnixGroupsMapping for Hadoop service principals/users,
and LdapGroupsMapping for end user accounts?
In our  environment, normal end users (along with their groups info) for Hadoop cluster are
from AD, and for them we prefer to use the ldap mapping;
but for hdfs/mapred service principals, the default shell based one is enough, and we don't
want to create the user/group entries in AD just for that.
Seems in current implementation, only one user group mapping provider can be configured.


2.       Can we support multiple ADs? Hadoop users might come from more than ONE AD in big
org.


3.       Is there any technical  issue not to support LDAPs like OpenLDAP? In my understanding,
one possible difficulity might be that it's not easy to extract common
group lookup mechanism with common filters/configurations both applied for AD and OpenLDAP
like, right?

I'm wondering if these are just limits for current implementation, and if so if we need to
improve that. Might the community has already been going for that?

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message