Date: Mon, 6 Oct 2014 06:38:33 +0000 (UTC)
From: "Brandon Li (JIRA)"
To: hdfs-issues@hadoop.apache.org
Subject: [jira] [Commented] (HDFS-7146) NFS ID/Group lookup requires SSSD enumeration on the server

    [ https://issues.apache.org/jira/browse/HDFS-7146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14160046#comment-14160046 ]

Brandon Li commented on HDFS-7146:
----------------------------------

[~yzhangal], I agree with what you said. To summarize our conclusion here:
1. load all groups when IdUserGroup object is initialized (only because we don't have a good way to get group id from its name)
2. users are loaded only when they are requested
3. periodically (15 minutes by default) update the cached groups
4. when a user-id mapping is requested and the mapping is older than 15 minutes, we will refresh this mapping

Is this looking good?

> NFS ID/Group lookup requires SSSD enumeration on the server
> -----------------------------------------------------------
>
>                 Key: HDFS-7146
>                 URL: https://issues.apache.org/jira/browse/HDFS-7146
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: nfs
>    Affects Versions: 2.6.0
>            Reporter: Yongjun Zhang
>            Assignee: Yongjun Zhang
>         Attachments: HDFS-7146.001.patch, HDFS-7146.002.allIncremental.patch
>
>
> The current implementation of the NFS UID and GID lookup works by running 'getent passwd' with an assumption that it will return the entire list of users available on the OS, local and remote (AD/etc.).
> This behaviour of the command is advised to be and is prevented by administrators in most secure setups to avoid excessive load to the ADs involved, as the # of users to be listed may be too large, and the repeated requests of ALL users not present in the cache would be too much for the AD infrastructure to bear.
> The NFS server should likely do lookups based on a specific UID request, via 'getent passwd ', if the UID does not match a cached value. This reduces load on the LDAP backed infrastructure.
> Thanks [~qwertymaniac] for reporting the issue.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
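The on-demand user lookup summarized in points 2 and 4 of the comment above, sketched in Python as an added example; it is not code from the HDFS-7146 patches or from Hadoop's IdUserGroup. The names getent_passwd and LazyUidCache, the injectable resolver and clock, and the caching of "unknown UID" answers are assumptions made for illustration.

```python
import subprocess
import time

REFRESH_SECONDS = 15 * 60  # the 15-minute default named in the comment


def getent_passwd(uid):
    """Resolve one UID with a single-key getent lookup; None when unknown."""
    # int() guarantees that only a number is ever passed as the key.
    key = str(int(uid))
    proc = subprocess.run(["getent", "passwd", key],
                          capture_output=True, text=True, check=False)
    if proc.returncode != 0 or not proc.stdout.strip():
        return None
    # passwd format: name:passwd:uid:gid:gecos:home:shell
    fields = proc.stdout.splitlines()[0].split(":")
    if len(fields) < 3 or fields[2] != key:
        return None
    return fields[0]


class LazyUidCache:
    """Hypothetical UID -> name cache, filled only when a UID is requested."""

    def __init__(self, resolver=getent_passwd, ttl=REFRESH_SECONDS,
                 clock=time.monotonic):
        self._resolver = resolver
        self._ttl = ttl
        self._clock = clock
        self._entries = {}  # uid -> (name or None, time fetched)

    def lookup(self, uid):
        now = self._clock()
        hit = self._entries.get(uid)
        if hit is not None and now - hit[1] <= self._ttl:
            return hit[0]
        # Missing, or older than the TTL: query the directory for this UID
        # only, so the server never depends on SSSD enumeration.
        name = self._resolver(uid)
        # Assumption: unknown UIDs are cached too, so repeated requests for
        # a nonexistent ID do not each reach the AD/LDAP backend.
        self._entries[uid] = (name, now)
        return name
```

With the default resolver, each cache miss costs one directory query for one UID, which is the load profile the issue description asks for.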