[jira] [Commented] (HADOOP-12291) Add support for nested groups in LdapGroupsMapping

Wed, 04 May 2016 10:28:29 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-12291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15271032#comment-15271032
 ] 

Anu Engineer commented on HADOOP-12291:
---------------------------------------

Thanks for the Patch v3 and taking care of all the issues.

I have 2 minor comments on Patch v3.

{{LdapGroupsMapping.java Line:76}} Let us remove this old comment.
{noformat}
or a limit of -1, it will traverse the entire tree, but
this is not recommended as it will degrade performance.
{noformat}

Since we decided not to support -1 and the code does not check for that, It 
might be safer to modify these three lines.

{{LdapGroupsMapping.java Line 311}}

{code} getGroupNames(groupResult, groups, groupDNs, goUpHierarchy != 0); {code}
as {code} getGroupNames(groupResult, groups, groupDNs, goUpHierarchy > 0); 
{code}

{{LdapGroupsMapping.java Line 313}} {code} if (goUpHierarchy != 0)  {code} as 
{code} if (goUpHierarchy > 0) {code}
{{LdapGroupsMapping.java Line 358}} 
{code}  if (goUpHierarchy == 0 || groups.isEmpty()) {code}
as {code}  if (goUpHierarchy <= 0 || groups.isEmpty()) {code}


This is to prevent the case where someone sets the a value of -1 in the config 
and we treat it as a positive  value in code. This reinforces our assumption 
that this value is always positive.


> Add support for nested groups in LdapGroupsMapping
> --------------------------------------------------
>
>                 Key: HADOOP-12291
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12291
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.8.0
>            Reporter: Gautam Gopalakrishnan
>            Assignee: Esther Kundin
>              Labels: features, patch
>             Fix For: 2.8.0
>
>         Attachments: HADOOP-12291.001.patch, HADOOP-12291.002.patch, 
> HADOOP-12291.003.patch
>
>
> When using {{LdapGroupsMapping}} with Hadoop, nested groups are not 
> supported. So for example if user {{jdoe}} is part of group A which is a 
> member of group B, the group mapping currently returns only group A.
> Currently this facility is available with {{ShellBasedUnixGroupsMapping}} and 
> SSSD (or similar tools) but would be good to have this feature as part of 
> {{LdapGroupsMapping}} directly.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to