[
https://issues.apache.org/jira/browse/ATLAS-2557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16595045#comment-16595045
]
Dinesh Chitlangia commented on ATLAS-2557:
------------------------------------------
[~nixonrodrigues] - Do we need add this in custom atlas-application.properties
for this fix to work?
{{atlas.authentication.ugi-groups.include-hadoop-groups=true}}
> Fix to allow to lookup hadoop ldap groups when are groups from UGI are
> wrongly set or are not empty
> ---------------------------------------------------------------------------------------------------
>
> Key: ATLAS-2557
> URL: https://issues.apache.org/jira/browse/ATLAS-2557
> Project: Atlas
> Issue Type: Bug
> Affects Versions: 0.8.2
> Reporter: Nixon Rodrigues
> Assignee: Nixon Rodrigues
> Priority: Major
> Fix For: 1.0.0, 0.8.3
>
> Attachments: ATLAS-2557.patch
>
>
> Currently, groups from hadoop mapping are read only when grantedAuths from
> UGi is empty, but there is a case when groups synced in ugi are wrong or
> incomplete, in this case reading groups from hadoop ldap group mapping can
> help to get all groups.
>
> consider below example for ldap user hr1 who has *hadoop-users, hr, hr1 in*
> ldap
>
> [root@log111 ~]# id hr1
> uid=1014(hr1) gid=1014(hr1) groups=1014(hr1)
>
> groups read from UGI is *hr1*
>
> *----------------------------------------------------------------*
>
> [root@log111 ~]# hdfs groups hr1
> hr1 : *hadoop-users hr hr1*
>
> groups read from hadoop ldap group mapping
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
