[
https://issues.apache.org/jira/browse/HADOOP-13771?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15626413#comment-15626413
]
Allen Wittenauer commented on HADOOP-13771:
-------------------------------------------
What I had in my head is that if 'hdfs groups' can't contact the NN after a
much shorter timeout, it would then run locally and provide an answer with the
additional text of "(non-authoritative)" or something else in the output.
> Adding group mapping lookup utility without dependency on HDFS namenode
> -----------------------------------------------------------------------
>
> Key: HADOOP-13771
> URL: https://issues.apache.org/jira/browse/HADOOP-13771
> Project: Hadoop Common
> Issue Type: Bug
> Components: security, tools
> Reporter: Xiaoyu Yao
> Assignee: Xiaoyu Yao
> Attachments: HADOOP-13771.00.patch
>
>
> We have {{hdfs groups}} command to troubleshoot issues related to users'
> group member look up with Unix/LDAP. However, there are some limitation of
> this command: 1) it can only be executed when namenode is running. 2) any
> change in the group mapping lookup configuration needs a hdfs namenode
> restart, which is expensive.
> This ticket is proposed to have a simple CLI utility like HadoopKerberosName
> {code}
> hadoop org.apache.hadoop.security.HadoopKerberosName
> nn/localh...@hdpdev.dev.com
> {code}
> The CLI utility for group member lookup will have a usage like below without
> namenode running or restart for configuration change.
> {code}
> hadoop org.apache.hadoop.security.Groups hdfs
> hdfs : [hadoop, hdfs]
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
