HADOOP-13102. Update GroupsMapping documentation to reflect the new changes. Contributed by Esther Kundin.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/075358eb Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/075358eb Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/075358eb Branch: refs/heads/YARN-1011 Commit: 075358eb6fff5ae4a40ac4dfde292e2a9a4ceddf Parents: 8bcc49e Author: Anu Engineer <aengin...@apache.org> Authored: Wed Oct 11 15:58:20 2017 -0700 Committer: Anu Engineer <aengin...@apache.org> Committed: Wed Oct 11 15:58:20 2017 -0700 ---------------------------------------------------------------------- .../hadoop-common/src/site/markdown/GroupsMapping.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/075358eb/hadoop-common-project/hadoop-common/src/site/markdown/GroupsMapping.md ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/site/markdown/GroupsMapping.md b/hadoop-common-project/hadoop-common/src/site/markdown/GroupsMapping.md index 89aca16..806ed54 100644 --- a/hadoop-common-project/hadoop-common/src/site/markdown/GroupsMapping.md +++ b/hadoop-common-project/hadoop-common/src/site/markdown/GroupsMapping.md @@ -85,9 +85,10 @@ This file should be readable only by the Unix user running the daemons. It is possible to set a maximum time limit when searching and awaiting a result. Set `hadoop.security.group.mapping.ldap.directory.search.timeout` to 0 if infinite wait period is desired. Default is 10,000 milliseconds (10 seconds). +This is the limit for each ldap query. If `hadoop.security.group.mapping.ldap.search.group.hierarchy.levels` is set to a positive value, then the total latency will be bounded by max(Recur Depth in LDAP, `hadoop.security.group.mapping.ldap.search.group.hierarchy.levels` ) * `hadoop.security.group.mapping.ldap.directory.search.timeout`. -The implementation does not attempt to resolve group hierarchies. Therefore, a user must be an explicit member of a group object -in order to be considered a member. +`hadoop.security.group.mapping.ldap.base` configures how far to walk up the groups hierarchy when resolving groups. +By default, with a limit of 0, in order to be considered a member of a group, the user must be an explicit member in LDAP. Otherwise, it will traverse the group hierarchy `hadoop.security.group.mapping.ldap.search.group.hierarchy.levels` levels up. ### Active Directory ### --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org