[
https://issues.apache.org/jira/browse/HADOOP-10626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287849#comment-14287849
]
Aaron T. Myers commented on HADOOP-10626:
-----------------------------------------
Ah, never mind my question - I think I understand now. The whole point of this
change is to expressly limit the search results to only those attributes which
the groups plugin will actually be looking at, and in doing so speed up the
search. Makes sense.
Given that, the patch looks pretty good to me. My only suggestion is to add a
one-line comment above the {{setReturningAttributes}} call explaining why we're
reducing the results returned by the search, something along the lines of "//
Limit the attributes returned to only those required to speed up the search.
See HADOOP-10626 for more details."
I'll be +1 once this is addressed.
> Limit Returning Attributes for LDAP search
> ------------------------------------------
>
> Key: HADOOP-10626
> URL: https://issues.apache.org/jira/browse/HADOOP-10626
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.3.0
> Reporter: Jason Hubbard
> Assignee: Jason Hubbard
> Labels: easyfix, newbie, performance
> Attachments: HADOOP-10626.patch
>
>
> When using Hadoop Ldap Group mappings in an enterprise environment, searching
> groups and returning all members can take a long time causing a timeout.
> This causes not all groups to be returned for a user. Because the first
> search only searches for the user dn and the second search retrieves the
> group member attribute, we only need to return the group member attribute on
> the search speeding up the search.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
