You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@atlas.apache.org by "Nixon Rodrigues (JIRA)" <ji...@apache.org> on 2018/04/12 20:04:00 UTC
[jira] [Updated] (ATLAS-2557) Fix to allow to lookup hadoop ldap
groups when are groups from UGI are wrongly set or are not empty
[ https://issues.apache.org/jira/browse/ATLAS-2557?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nixon Rodrigues updated ATLAS-2557:
-----------------------------------
Attachment: ATLAS-2557.patch
> Fix to allow to lookup hadoop ldap groups when are groups from UGI are wrongly set or are not empty
> ---------------------------------------------------------------------------------------------------
>
> Key: ATLAS-2557
> URL: https://issues.apache.org/jira/browse/ATLAS-2557
> Project: Atlas
> Issue Type: Bug
> Affects Versions: 0.8.2
> Reporter: Nixon Rodrigues
> Assignee: Nixon Rodrigues
> Priority: Major
> Attachments: ATLAS-2557.patch
>
>
> Currently, groups from hadoop mapping are read only when grantedAuths from UGi is empty, but there is a case when groups synced in ugi are wrong or incomplete, in this case reading groups from hadoop ldap group mapping can help to get all groups.
>
> consider below example for ldap user hr1 who has *hadoop-users, hr, hr1 in* ldap
>
> [root@log111 ~]# id hr1
> uid=1014(hr1) gid=1014(hr1) groups=1014(hr1)
>
> groups read from UGI is *hr1*
>
> *----------------------------------------------------------------*
>
> [root@log111 ~]# hdfs groups hr1
> hr1 : *hadoop-users hr hr1*
>
> groups read from hadoop ldap group mapping
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)