[ https://issues.apache.org/jira/browse/HADOOP-13771?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15626413#comment-15626413 ]
Allen Wittenauer commented on HADOOP-13771: ------------------------------------------- What I had in my head is that if 'hdfs groups' can't contact the NN after a much shorter timeout, it would then run locally and provide an answer with the additional text of "(non-authoritative)" or something else in the output. > Adding group mapping lookup utility without dependency on HDFS namenode > ----------------------------------------------------------------------- > > Key: HADOOP-13771 > URL: https://issues.apache.org/jira/browse/HADOOP-13771 > Project: Hadoop Common > Issue Type: Bug > Components: security, tools > Reporter: Xiaoyu Yao > Assignee: Xiaoyu Yao > Attachments: HADOOP-13771.00.patch > > > We have {{hdfs groups}} command to troubleshoot issues related to users' > group member look up with Unix/LDAP. However, there are some limitation of > this command: 1) it can only be executed when namenode is running. 2) any > change in the group mapping lookup configuration needs a hdfs namenode > restart, which is expensive. > This ticket is proposed to have a simple CLI utility like HadoopKerberosName > {code} > hadoop org.apache.hadoop.security.HadoopKerberosName > nn/localh...@hdpdev.dev.com > {code} > The CLI utility for group member lookup will have a usage like below without > namenode running or restart for configuration change. > {code} > hadoop org.apache.hadoop.security.Groups hdfs > hdfs : [hadoop, hdfs] > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org