Amit Sharma created YUNIKORN-656: ------------------------------------ Summary: LDAP resolver for group resolution Key: YUNIKORN-656 URL: https://issues.apache.org/jira/browse/YUNIKORN-656 Project: Apache YuniKorn Issue Type: New Feature Components: core - common, security Reporter: Amit Sharma
LDAP resolution is a popular method to resolve group memberships. It allows applications to use existing infrastructure of identity repositories to determine the group membership of a particular user. At the moment, Yunikorn provides 1 way of resolving groups (OS resolver) https://github.com/apache/incubator-yunikorn-core/blob/4cef5d9ed3bb56909ffd97853dd1c62cbb5d649c/pkg/common/security/usergroup.go#L69 To include LDAP resolver, there are 2 methods that can be followed. 1) Modify the OS resolver to allow integration with the LDAP repository using some OS level services like sssd or nsd. 2) Add a new resolver called LDAP resolver that directly connects to the LDAP identity repository and retrieves group information in the required format. The 1st method is a common method used across environments that have other applications running on the same set of machines. It allows the groups to be cached on the physical machine so that all the apps running on those machines can use them. The 2nd method is usually the preferred choice in container environments as all components inside a container are exclusively for the app itself and adding another layer to retrieve the same set of groups that can be retrieved directly from the LDAP repository adds no additional value. In addition to that, apps like Yunikorn have their own caching mechanism. Please suggest the preferred way forward on this. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@yunikorn.apache.org For additional commands, e-mail: dev-h...@yunikorn.apache.org