You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Xiaoyu Yao (JIRA)" <ji...@apache.org> on 2016/10/28 22:24:58 UTC

[jira] [Created] (HADOOP-13771) Adding group mapping lookup utility without dependency on HDFS namenode

Xiaoyu Yao created HADOOP-13771:
-----------------------------------

             Summary: Adding group mapping lookup utility without dependency on HDFS namenode
                 Key: HADOOP-13771
                 URL: https://issues.apache.org/jira/browse/HADOOP-13771
             Project: Hadoop Common
          Issue Type: Bug
          Components: security, tools
            Reporter: Xiaoyu Yao
            Assignee: Xiaoyu Yao


We have {{hdfs groups}} command to troubleshoot issues related to users' group member look up with Unix/LDAP. However, there are some limitation of this command: 1) it can only be executed when namenode is running. 2) any change in the group mapping lookup configuration needs a hdfs namenode restart, which is expensive. 

This ticket is proposed to have a simple CLI utility like HadoopKerberosName
{code}
hadoop org.apache.hadoop.security.HadoopKerberosName nn/localhost@HDPDEV.DEV.COM
{code}

The CLI utility for group member lookup will have a usage like below without namenode running or restart for configuration change.
{code}
hadoop org.apache.hadoop.security.Groups hdfs
hdfs : [hadoop, hdfs]
{code}






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org