hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wei-Chiu Chuang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-9956) LDAP PERFORMANCE ISSUE AND FAIL OVER
Date Mon, 14 Mar 2016 16:10:34 GMT

    [ https://issues.apache.org/jira/browse/HDFS-9956?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15193536#comment-15193536

Wei-Chiu Chuang commented on HDFS-9956:

Hi [~sanjayvamanna] thanks for reporting the issue and offering workarounds.

The parameter {{hadoop.security.group.mapping.ldap.directory.search.timeout}} is supposed
to stop queries if it goes over time. Would this parameter work in your scenario? 

> ------------------------------------
>                 Key: HDFS-9956
>                 URL: https://issues.apache.org/jira/browse/HDFS-9956
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: sanjay kenganahalli vamanna
> The typical LDAP group name resolution works well under typical scenarios. However, we
have seen cases where a user is mapped to many groups (in an extreme case, a user is mapped
to more than 100 groups). The way it's being implemented now makes this case super slow resolving
groups from ActiveDirectory and making the namenode to failover.
> Instead of failover, we can use the parameter(ha.zookeeper.session-timeout.ms) in the
getgroups method to time-out and send the failed response back to the user so that we can
prevent name node failover. 

This message was sent by Atlassian JIRA

View raw message