[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15315129#comment-15315129 ] Mingliang Liu commented on HADOOP-13105: Thank you for your review and commit, [~cnauroth], and thank you [~jojochuang] for the review and discussion. > Support timeouts in LDAP queries in LdapGroupsMapping. > -- > > Key: HADOOP-13105 > URL: https://issues.apache.org/jira/browse/HADOOP-13105 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Reporter: Chris Nauroth >Assignee: Mingliang Liu > Fix For: 2.8.0 > > Attachments: HADOOP-13105.000.patch, HADOOP-13105.001.patch, > HADOOP-13105.002.patch, HADOOP-13105.003.patch, HADOOP-13105.004.patch > > > {{LdapGroupsMapping}} currently does not set timeouts on the LDAP queries. > This can create a risk of a very long/infinite wait on a connection. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15315126#comment-15315126 ] Hudson commented on HADOOP-13105: - SUCCESS: Integrated in Hadoop-trunk-Commit #9910 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/9910/]) HADOOP-13105. Support timeouts in LDAP queries in LdapGroupsMapping. (cnauroth: rev d82bc8501869be78780fc09752dbf7af918c14af) * hadoop-common-project/hadoop-common/src/main/resources/core-default.xml * hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java > Support timeouts in LDAP queries in LdapGroupsMapping. > -- > > Key: HADOOP-13105 > URL: https://issues.apache.org/jira/browse/HADOOP-13105 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Reporter: Chris Nauroth >Assignee: Mingliang Liu > Fix For: 2.8.0 > > Attachments: HADOOP-13105.000.patch, HADOOP-13105.001.patch, > HADOOP-13105.002.patch, HADOOP-13105.003.patch, HADOOP-13105.004.patch > > > {{LdapGroupsMapping}} currently does not set timeouts on the LDAP queries. > This can create a risk of a very long/infinite wait on a connection. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15315099#comment-15315099 ] Hadoop QA commented on HADOOP-13105: | (/) *{color:green}+1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 6m 52s {color} | {color:blue} Docker mode activated. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s {color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s {color} | {color:green} The patch appears to include 1 new or modified test files. {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 7m 24s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 7m 22s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 27s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 1s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 13s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 28s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 57s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 42s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 7m 9s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 7m 9s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 26s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 1s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 11s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s {color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m 2s {color} | {color:green} The patch has no ill-formed XML file. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 38s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 59s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} unit {color} | {color:green} 7m 51s {color} | {color:green} hadoop-common in the patch passed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 23s {color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 46m 49s {color} | {color:black} {color} | \\ \\ || Subsystem || Report/Notes || | Docker | Image:yetus/hadoop:2c91fd8 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12808081/HADOOP-13105.004.patch | | JIRA Issue | HADOOP-13105 | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml | | uname | Linux 8dc662e623c0 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh | | git revision | trunk / 78b3a03 | | Default Java | 1.8.0_91 | | findbugs | v3.0.0 | | Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/9660/testReport/ | | modules | C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common | | Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/9660/console | | Powered by | Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org | This message was automatically generated. > Support timeouts in LDAP queries in LdapGroupsMapping. > -- > > Key: HADOOP-13105 > URL: https://issues.apache.org/jira/browse/HADOOP-13105 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Reporter: Chris Nauroth >Assignee: Mingliang Liu > Attachments: HADOOP-13105.000.patch, HAD
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15314974#comment-15314974 ] Chris Nauroth commented on HADOOP-13105: [~liuml07], patch 003 looks good. I just have one more request. In the tests, please declare {{finLatch}} as {{final}}. Without that, the patch will cause compilation to fail on branch-2 with the errors shown below. This didn't show up in pre-commit, because pre-commit ran against trunk, which is building with Java 8. In Java 8, they have introduced the concept of "effectively final" variables, which means that Java 8 auto-detected that those variables are final, because they were assigned only once. {code} [ERROR] /Users/chris/git/hadoop/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java:[232,15] local variable finLatch is accessed from within inner class; needs to be declared final [ERROR] /Users/chris/git/hadoop/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java:[288,15] local variable finLatch is accessed from within inner class; needs to be declared final {code} > Support timeouts in LDAP queries in LdapGroupsMapping. > -- > > Key: HADOOP-13105 > URL: https://issues.apache.org/jira/browse/HADOOP-13105 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0-alpha1 >Reporter: Chris Nauroth >Assignee: Mingliang Liu > Attachments: HADOOP-13105.000.patch, HADOOP-13105.001.patch, > HADOOP-13105.002.patch, HADOOP-13105.003.patch > > > {{LdapGroupsMapping}} currently does not set timeouts on the LDAP queries. > This can create a risk of a very long/infinite wait on a connection. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15313371#comment-15313371 ] Hadoop QA commented on HADOOP-13105: | (/) *{color:green}+1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 19s {color} | {color:blue} Docker mode activated. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s {color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s {color} | {color:green} The patch appears to include 1 new or modified test files. {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 6m 10s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 30s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 24s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 55s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 12s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 18s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 54s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 39s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 23s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 6m 23s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 24s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 52s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 12s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s {color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m 1s {color} | {color:green} The patch has no ill-formed XML file. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 26s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 53s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} unit {color} | {color:green} 7m 36s {color} | {color:green} hadoop-common in the patch passed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 20s {color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 36m 8s {color} | {color:black} {color} | \\ \\ || Subsystem || Report/Notes || | Docker | Image:yetus/hadoop:2c91fd8 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12807858/HADOOP-13105.003.patch | | JIRA Issue | HADOOP-13105 | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml | | uname | Linux e321341bc21e 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh | | git revision | trunk / 97e2449 | | Default Java | 1.8.0_91 | | findbugs | v3.0.0 | | Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/9656/testReport/ | | modules | C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common | | Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/9656/console | | Powered by | Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org | This message was automatically generated. > Support timeouts in LDAP queries in LdapGroupsMapping. > -- > > Key: HADOOP-13105 > URL: https://issues.apache.org/jira/browse/HADOOP-13105 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0-alpha1 >Reporter: Chris Nauroth >Assignee: Mingliang Liu > A
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15313164#comment-15313164 ] Chris Nauroth commented on HADOOP-13105: The testing approach looks good to me. Here are a few comments on patch 002. # I recommend adding a comment on {{AUTHENTICATE_SUCCESS_MSG}} to clarify what is in that binary data. # It's fun to see the lambdas. :-) This does mean it can't apply to branch-2 though. You'd either need to take away the lambdas for a patch that can apply to both trunk and branch-2, or post separate patches. > Support timeouts in LDAP queries in LdapGroupsMapping. > -- > > Key: HADOOP-13105 > URL: https://issues.apache.org/jira/browse/HADOOP-13105 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0-alpha1 >Reporter: Chris Nauroth >Assignee: Mingliang Liu > Attachments: HADOOP-13105.000.patch, HADOOP-13105.001.patch, > HADOOP-13105.002.patch > > > {{LdapGroupsMapping}} currently does not set timeouts on the LDAP queries. > This can create a risk of a very long/infinite wait on a connection. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15305007#comment-15305007 ] Mingliang Liu commented on HADOOP-13105: The failing test is not related, and I can't reproduce it locally. > Support timeouts in LDAP queries in LdapGroupsMapping. > -- > > Key: HADOOP-13105 > URL: https://issues.apache.org/jira/browse/HADOOP-13105 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0-alpha1 >Reporter: Chris Nauroth >Assignee: Mingliang Liu > Attachments: HADOOP-13105.000.patch, HADOOP-13105.001.patch, > HADOOP-13105.002.patch > > > {{LdapGroupsMapping}} currently does not set timeouts on the LDAP queries. > This can create a risk of a very long/infinite wait on a connection. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15304989#comment-15304989 ] Hadoop QA commented on HADOOP-13105: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 16s {color} | {color:blue} Docker mode activated. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s {color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s {color} | {color:green} The patch appears to include 1 new or modified test files. {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 6m 34s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 50s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 23s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 56s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 11s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 21s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 57s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 45s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 55s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 6m 55s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 23s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 52s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 12s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s {color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m 1s {color} | {color:green} The patch has no ill-formed XML file. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 36s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 54s {color} | {color:green} the patch passed {color} | | {color:red}-1{color} | {color:red} unit {color} | {color:red} 7m 47s {color} | {color:red} hadoop-common in the patch failed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 20s {color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 37m 54s {color} | {color:black} {color} | \\ \\ || Reason || Tests || | Failed junit tests | hadoop.metrics2.impl.TestGangliaMetrics | \\ \\ || Subsystem || Report/Notes || | Docker | Image:yetus/hadoop:2c91fd8 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12806755/HADOOP-13105.002.patch | | JIRA Issue | HADOOP-13105 | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml | | uname | Linux 8fa6b861650a 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh | | git revision | trunk / 21890c4 | | Default Java | 1.8.0_91 | | findbugs | v3.0.0 | | unit | https://builds.apache.org/job/PreCommit-HADOOP-Build/9610/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common.txt | | unit test logs | https://builds.apache.org/job/PreCommit-HADOOP-Build/9610/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common.txt | | Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/9610/testReport/ | | modules | C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common | | Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/9610/console | | Powered by | Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org | This message was automatically generated. > Support timeouts in LDAP queries in LdapGroupsMapping. > -
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15297346#comment-15297346 ] Hadoop QA commented on HADOOP-13105: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 17s {color} | {color:blue} Docker mode activated. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s {color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s {color} | {color:green} The patch appears to include 1 new or modified test files. {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 6m 47s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 27s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 23s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 57s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 12s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 22s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 55s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 40s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 26s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 6m 26s {color} | {color:green} the patch passed {color} | | {color:red}-1{color} | {color:red} checkstyle {color} | {color:red} 0m 24s {color} | {color:red} hadoop-common-project/hadoop-common: The patch generated 24 new + 36 unchanged - 0 fixed = 60 total (was 36) {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 53s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 12s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s {color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m 1s {color} | {color:green} The patch has no ill-formed XML file. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 29s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 52s {color} | {color:green} the patch passed {color} | | {color:red}-1{color} | {color:red} unit {color} | {color:red} 7m 29s {color} | {color:red} hadoop-common in the patch failed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 20s {color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 36m 48s {color} | {color:black} {color} | \\ \\ || Reason || Tests || | Failed junit tests | hadoop.net.TestDNS | \\ \\ || Subsystem || Report/Notes || | Docker | Image:yetus/hadoop:2c91fd8 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12805768/HADOOP-13105.001.patch | | JIRA Issue | HADOOP-13105 | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml | | uname | Linux 137fd747300d 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh | | git revision | trunk / 4b0f55b | | Default Java | 1.8.0_91 | | findbugs | v3.0.0 | | checkstyle | https://builds.apache.org/job/PreCommit-HADOOP-Build/9563/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-common.txt | | unit | https://builds.apache.org/job/PreCommit-HADOOP-Build/9563/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common.txt | | unit test logs | https://builds.apache.org/job/PreCommit-HADOOP-Build/9563/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common.txt | | Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/9563/testReport/ | | modules | C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common | | Console output | https://builds.apache.org/job/PreCo
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15293931#comment-15293931 ] Wei-Chiu Chuang commented on HADOOP-13105: -- [~liuml07] you may not need to re-implement an LDAP server -- you can check out my patch at HADOOP-8145 to see how I use Apache Directory Service test framework to unit test LDAP queries. > Support timeouts in LDAP queries in LdapGroupsMapping. > -- > > Key: HADOOP-13105 > URL: https://issues.apache.org/jira/browse/HADOOP-13105 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Reporter: Chris Nauroth >Assignee: Mingliang Liu > Attachments: HADOOP-13105.000.patch > > > {{LdapGroupsMapping}} currently does not set timeouts on the LDAP queries. > This can create a risk of a very long/infinite wait on a connection. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15293915#comment-15293915 ] Chris Nauroth commented on HADOOP-13105: [~liuml07], do you think hadoop-minikdc is helpful at all for testing a read timeout? Maybe there is a way to subclass something in there to stick a wait time inside the query handling? If the test gets too cumbersome or brittle, then I'd be comfortable proceeding with a patch that tests only connection timeout. The JNDI documentation clearly spells out how to set both connection and read timeout. Maybe it's more pragmatic to verify read timeout through code review and cross-check against that documentation. > Support timeouts in LDAP queries in LdapGroupsMapping. > -- > > Key: HADOOP-13105 > URL: https://issues.apache.org/jira/browse/HADOOP-13105 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Reporter: Chris Nauroth >Assignee: Mingliang Liu > Attachments: HADOOP-13105.000.patch > > > {{LdapGroupsMapping}} currently does not set timeouts on the LDAP queries. > This can create a risk of a very long/infinite wait on a connection. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15292516#comment-15292516 ] Mingliang Liu commented on HADOOP-13105: Thanks [~jojochuang] and [~cnauroth] for the review and comment. The next patch (on its way) will make both connect and read timeout configurable. As to the name, do you have any suggestion? I mean, we're setting {{com.sun.jndi.ldap.connect.timeout}} in the LDAP environment, and we may need a wrapped hadoop name. As to the test, I find when creating {{InitialDirContext()}} it will authenticate when connects and binds. This seems different from the stateless HTTP request as {{TestWebHdfsTimeouts}}. See the [doc here|https://docs.oracle.com/javase/jndi/tutorial/ldap/security/ldap.html]. I'm not aware of any easy way in the fake LDAP server to make the client LdapCtx connected. In v0 patch, we're testing the connection timeout, instead of read timeout as the client has never connected to the server. As the following exception stack. {code} 2016-05-19 16:49:23,225 INFO security.TestLdapGroupsMapping (TestLdapGroupsMapping.java:testLdapReadTimeout(245)) - Got the exception while LDAP querying: javax.naming.NamingException: LDAP response read timed out, timeout used:5000ms. at com.sun.jndi.ldap.Connection.readReply(Connection.java:490) at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:365) at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788) at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:319) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) at javax.naming.InitialContext.init(InitialContext.java:244) at javax.naming.InitialContext.(InitialContext.java:216) at javax.naming.directory.InitialDirContext.(InitialDirContext.java:101) at org.apache.hadoop.security.LdapGroupsMapping.getDirContext(LdapGroupsMapping.java:437) at org.apache.hadoop.security.LdapGroupsMapping.doGetGroups(LdapGroupsMapping.java:366) at org.apache.hadoop.security.TestLdapGroupsMapping.testLdapReadTimeout(TestLdapGroupsMapping.java:242) {code} Choices are: # test connection timeout only, not ideal # implement a mini LDAP server which can handle real LADP requests # mock (assuming Java Naming performs well with given env variables) I'm working on the 2nd option. Any comment? > Support timeouts in LDAP queries in LdapGroupsMapping. > -- > > Key: HADOOP-13105 > URL: https://issues.apache.org/jira/browse/HADOOP-13105 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Reporter: Chris Nauroth >Assignee: Mingliang Liu > Attachments: HADOOP-13105.000.patch > > > {{LdapGroupsMapping}} currently does not set timeouts on the LDAP queries. > This can create a risk of a very long/infinite wait on a connection. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15291270#comment-15291270 ] Wei-Chiu Chuang commented on HADOOP-13105: -- Thanks [~cnauroth]! Your explanation makes sense to me. [~liuml07], please also rebase the patch due to HADOOP-12782. > Support timeouts in LDAP queries in LdapGroupsMapping. > -- > > Key: HADOOP-13105 > URL: https://issues.apache.org/jira/browse/HADOOP-13105 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Reporter: Chris Nauroth >Assignee: Mingliang Liu > Attachments: HADOOP-13105.000.patch > > > {{LdapGroupsMapping}} currently does not set timeouts on the LDAP queries. > This can create a risk of a very long/infinite wait on a connection. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15283007#comment-15283007 ] Chris Nauroth commented on HADOOP-13105: [~liuml07], thank you for the patch. # I agree with handling both connection timeout and read timeout within the scope of this patch. # I agree with the suggestion to make the timeout settings configurable, and use something pretty long, like 60 seconds, as the default. A value of "0" could mean "don't set the timeout". That way, there is minimal impact to existing LDAP deployments that experience long latency, and in case anyone really wants the old unbounded wait behavior, they can set it to 0. # For testing, I suggest looking at {{TestWebHdfsTimeouts}}, which uses techniques similar to what your test here does. To cover read timeout, it starts a TCP server that accepts connections but never responds, like what your patch already does. To simulate connect timeout, it spams a bunch of connections at that server to consume the TCP connection backlog before running the test. bq. Out of curiosity, doesn't the property {{hadoop.security.group.mapping.ldap.directory.search.timeout}} work for this purpose? [~jojochuang], I'm pretty sure this is something different. This is an application layer control, passed in the LDAP query, to give the LDAP server a hint that it should expect the query to complete in this amount of time. An LDAP server may choose to abort its query if it cannot complete within this timeout. This does not control timeouts at the TCP layer. It would not catch connection timeouts due to an overloaded LDAP server that has exhausted its listen backlog. It also would not catch timeouts if the LDAP server implementation chooses not to respect the search timeout. It also wouldn't cover cases like firewall misconfigurations that accept the client's SYN packet for connection establishment, but then drop subsequent packets. At least that's my recollection of what the search timeout does. Unfortunately, I can't find a definitive reference for that on the web right now to backup my claim. :-) I definitely have seen LDAP connection timeouts and read timeouts despite having the search timeout configured correctly. If you were thinking of overloading {{hadoop.security.group.mapping.ldap.directory.search.timeout}} to also pass that same value for these new connect and read timeout settings, I'd instead prefer new properties for greater flexibility. > Support timeouts in LDAP queries in LdapGroupsMapping. > -- > > Key: HADOOP-13105 > URL: https://issues.apache.org/jira/browse/HADOOP-13105 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Reporter: Chris Nauroth >Assignee: Mingliang Liu > Attachments: HADOOP-13105.000.patch > > > {{LdapGroupsMapping}} currently does not set timeouts on the LDAP queries. > This can create a risk of a very long/infinite wait on a connection. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15278056#comment-15278056 ] Wei-Chiu Chuang commented on HADOOP-13105: -- Thanks for the patch, [~liuml07]. I think it'll be a good idea to make these two timeout values configurable. Could you also add these two configurable properties into core-default.xml? Your point #2 looks reasonable to me. If connection timeout is not set, the connection will block until the underlying network times out. Out of curiosty, doesn't the property {{hadoop.security.group.mapping.ldap.directory.search.timeout}} work for this purpose? > Support timeouts in LDAP queries in LdapGroupsMapping. > -- > > Key: HADOOP-13105 > URL: https://issues.apache.org/jira/browse/HADOOP-13105 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Reporter: Chris Nauroth >Assignee: Mingliang Liu > Attachments: HADOOP-13105.000.patch > > > {{LdapGroupsMapping}} currently does not set timeouts on the LDAP queries. > This can create a risk of a very long/infinite wait on a connection. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15275196#comment-15275196 ] Hadoop QA commented on HADOOP-13105: | (/) *{color:green}+1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 10s {color} | {color:blue} Docker mode activated. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s {color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s {color} | {color:green} The patch appears to include 1 new or modified test files. {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 6m 39s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 5m 50s {color} | {color:green} trunk passed with JDK v1.8.0_91 {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 48s {color} | {color:green} trunk passed with JDK v1.7.0_95 {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 24s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 0s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 13s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 37s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 53s {color} | {color:green} trunk passed with JDK v1.8.0_91 {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 6s {color} | {color:green} trunk passed with JDK v1.7.0_95 {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 42s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 5m 53s {color} | {color:green} the patch passed with JDK v1.8.0_91 {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 5m 53s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 47s {color} | {color:green} the patch passed with JDK v1.7.0_95 {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 6m 47s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 24s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 57s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 15s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s {color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 52s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 56s {color} | {color:green} the patch passed with JDK v1.8.0_91 {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 7s {color} | {color:green} the patch passed with JDK v1.7.0_95 {color} | | {color:green}+1{color} | {color:green} unit {color} | {color:green} 7m 31s {color} | {color:green} hadoop-common in the patch passed with JDK v1.8.0_91. {color} | | {color:green}+1{color} | {color:green} unit {color} | {color:green} 7m 44s {color} | {color:green} hadoop-common in the patch passed with JDK v1.7.0_95. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 23s {color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 60m 20s {color} | {color:black} {color} | \\ \\ || Subsystem || Report/Notes || | Docker | Image:yetus/hadoop:cf2ee45 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12802809/HADOOP-13105.000.patch | | JIRA Issue | HADOOP-13105 | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle | | uname | Linux fc6c61cb00ec 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh | | git revision | trunk / 47c41e7 | | Default Java | 1.7.0_95 | | Multi-JDK versions | /usr/
[jira] [Commented] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
[ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15272932#comment-15272932 ] Chris Nauroth commented on HADOOP-13105: This document discusses the JNDI API calls that can be used to set timeouts. I think we'd want the actual timeout values to be configurable. https://docs.oracle.com/javase/tutorial/jndi/newstuff/readtimeout.html > Support timeouts in LDAP queries in LdapGroupsMapping. > -- > > Key: HADOOP-13105 > URL: https://issues.apache.org/jira/browse/HADOOP-13105 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Reporter: Chris Nauroth > > {{LdapGroupsMapping}} currently does not set timeouts on the LDAP queries. > This can create a risk of a very long/infinite wait on a connection. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org