You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Jonathan Natkins (Created) (JIRA)" <ji...@apache.org> on 2012/02/29 17:13:57 UTC
[jira] [Created] (HADOOP-8121) Active Directory Group Mapping
Service
Active Directory Group Mapping Service
--------------------------------------
Key: HADOOP-8121
URL: https://issues.apache.org/jira/browse/HADOOP-8121
Project: Hadoop Common
Issue Type: New Feature
Components: security
Reporter: Jonathan Natkins
Assignee: Jonathan Natkins
Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.patch
Patch updated
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.patch
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13226454#comment-13226454 ]
Jonathan Natkins commented on HADOOP-8121:
------------------------------------------
There are two types of searches that get executed: 1) a group search, in which we're specifying the distinguished name that we're searching for, so we should only ever get back one result, or 2) a user search, in which case the filter should be something along the lines of (sAMAccountName={0}) or (uid={0}), which should only return one result, if configured correctly.
I'll acknowledge that this doesn't prevent an admin from misconfiguring the user search filter to execute a query that brings back a large result set, e.g. (objectclass=user), but if it does throw an exception, it will caught and logged appropriately.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13225074#comment-13225074 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12517534/HADOOP-8121.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
-1 javac. The applied patch generated 1039 javac compiler warnings (more than the trunk's current 1038 warnings).
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
-1 findbugs. The patch appears to introduce 5 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.fs.viewfs.TestViewFsTrash
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/685//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HADOOP-Build/685//artifact/trunk/hadoop-common-project/patchprocess/newPatchFindbugsWarningshadoop-common.html
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/685//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.patch
I've made the bulk of getGroups synchronized, to be thread-safe around a) the call to getDirContext(), as well as deal with the lack of thread-safety provided by the LdapCtx object (which underlies the DirContext).
I've also added a warning suppression for the deprecated class (for some reason the deprecation warning doesn't show up in Eclipse for me. Hopefully this won't cause another compiler warning)
The SearchControls object is now declared statically.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13222638#comment-13222638 ]
Jonathan Natkins commented on HADOOP-8121:
------------------------------------------
1. Yeah, I agree with that
2. Done
3. I added some synchronize blocks, just to be safe
4. Turns out it wasn't long lived, because I had a little bug in my code, but it's cached properly now. Here's a link to some relevant code: http://javasourcecode.org/html/open-source/jdk/jdk-6u23/com/sun/jndi/ldap/LdapCtx.java.html
Digging in a little bit, you'll see that the ctx.search call leads to a call of LdapCtx.doSearch(). Conveniently, the first line of that method calls LdapCtx.ensureOpen(), which reconnects to the LDAP server, if necessary.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.4.patch, HADOOP-8121.5.patch, HADOOP-8121.6.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13233084#comment-13233084 ]
Hudson commented on HADOOP-8121:
--------------------------------
Integrated in Hadoop-Common-0.23-Commit #706 (See [https://builds.apache.org/job/Hadoop-Common-0.23-Commit/706/])
HADOOP-8121. Active Directory Group Mapping Service. Contributed by Jonathan Natkins. (Revision 1302742)
Result = SUCCESS
atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1302742
Files :
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
* /hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.23.2
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Fix For: 0.23.3
>
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13232412#comment-13232412 ]
Jonathan Natkins commented on HADOOP-8121:
------------------------------------------
I think it's correct as it is. Ampersands don't play nicely with XML: http://www.microshell.com/programming/php/xml-and-ampersand/
I did a small test of this by writing a file out with this text:
<property>
<value>&</value>
</property>
It doesn't parse in Chrome, but it displays correctly if I use &
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13225061#comment-13225061 ]
Jonathan Natkins commented on HADOOP-8121:
------------------------------------------
I removed some of the confusing comments. I think that the code is a little more self-explanatory now. I also changed the name of the hdfs user I referenced in testGetGroups. The search method was mocked to give a particular return value regardless of the string passed in, so the hdfs user was totally arbitrary in this case.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13233114#comment-13233114 ]
Hudson commented on HADOOP-8121:
--------------------------------
Integrated in Hadoop-Mapreduce-trunk-Commit #1913 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/1913/])
HADOOP-8121. Active Directory Group Mapping Service. Contributed by Jonathan Natkins. (Revision 1302740)
Result = ABORTED
atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1302740
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.23.2
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Fix For: 0.23.3
>
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Allen Wittenauer (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13232379#comment-13232379 ]
Allen Wittenauer commented on HADOOP-8121:
------------------------------------------
(meh, stupid jira)
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.patch
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13221704#comment-13221704 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12516960/HADOOP-8121.5.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
-1 javac. The applied patch generated 1039 javac compiler warnings (more than the trunk's current 1038 warnings).
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.fs.viewfs.TestViewFsTrash
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/668//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/668//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.4.patch, HADOOP-8121.5.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13226568#comment-13226568 ]
Jonathan Natkins commented on HADOOP-8121:
------------------------------------------
Yeah, I see what you mean. Would it be acceptable if I renamed this class back to its original ActiveDirectoryGroupsMapping, and went with that for now? It almost makes sense to have two separate classes for ActiveDirectory versus LDAP proper, since the AD schema is very set in stone, where as LDAP is much more flexible, depending on the group class you're using, and how an organization has their schema setup.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13225458#comment-13225458 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12517596/HADOOP-8121.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
-1 javac. The applied patch generated 1039 javac compiler warnings (more than the trunk's current 1038 warnings).
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
-1 findbugs. The patch appears to introduce 5 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in .
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/687//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HADOOP-Build/687//artifact/trunk/hadoop-common-project/patchprocess/newPatchFindbugsWarningshadoop-common.html
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/687//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13232473#comment-13232473 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12518697/HADOOP-8121-common.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 4 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
-1 javac. The applied patch generated 1014 javac compiler warnings (more than the trunk's current 1013 warnings).
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.ipc.TestRPCCallBenchmark
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/726//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/726//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.6.patch
Blah. Unused import removed.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.4.patch, HADOOP-8121.5.patch, HADOOP-8121.6.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Aaron T. Myers (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aaron T. Myers updated HADOOP-8121:
-----------------------------------
Resolution: Fixed
Fix Version/s: 0.23.3
Hadoop Flags: Reviewed
Status: Resolved (was: Patch Available)
I've just committed this to trunk and branch-0.23.
Thanks a lot for the contribution, Natty!
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.23.2
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Fix For: 0.23.3
>
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Aaron T. Myers (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13224716#comment-13224716 ]
Aaron T. Myers commented on HADOOP-8121:
----------------------------------------
Very close now, Natty. Just a few little comments.
# In the class comment, rather than "slaves to an LDAP server" how about "connects directly to an LDAP server" ?
# Should use 4-space indentation on the class declaration line.
# No need to initialize SEARCH_CONTROLS in the static { } block. Just do it inline with the declaration.
# Don't pull out the config keys on every call to getGroups. Instead, just do it once in the call to setConf and set some instance variables.
# Why have a synchronized block around all the content of getGroups, vs just making the whole method synchronized?
# I don't understand the comment "getDirContext needs to be synchronized, since we're potentially setting up a singleton"
# What's the point of assigning SEARCH_CONTROLS to a local variable in getGroups?
# I don't understand the comment "// If we didn't get the group, just return the groups we know about"
# Some odd indentation in getDirContext, and should probably synchronize getDirContext as well.
# s/for/of/g in "The URL for the LDAP server to use"
# No need for the instance variable mappingService in the test.
# I don't understand where the "hdfs" user comes from in testGetGroups. Why isn't that mentioned anywhere in setupMocks?
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13221772#comment-13221772 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12516968/HADOOP-8121.6.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
-1 javac. The applied patch generated 1039 javac compiler warnings (more than the trunk's current 1038 warnings).
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.fs.viewfs.TestViewFsTrash
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/669//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/669//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.4.patch, HADOOP-8121.5.patch, HADOOP-8121.6.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Steve Loughran (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13223487#comment-13223487 ]
Steve Loughran commented on HADOOP-8121:
----------------------------------------
Does this work when tested against the Java-based ApacheDS server? http://directory.apache.org/apacheds/1.5/ if it does, that would make functional testing a lot easier
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.patch
Not sure what happened with that last patch run. I tested the patch, and it seemed to apply just fine locally. Attaching a new one to try to kick it again.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.3.patch
Updated this patch with a test that more closely mocks out what an actual LDAP server would do, and renamed the class to be a bit more generic, since this class will likely work for most LDAP installations. However, the defaults will make it easiest to configure for Active Directory.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Allen Wittenauer (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13226458#comment-13226458 ]
Allen Wittenauer commented on HADOOP-8121:
------------------------------------------
Doesn't this sort of make it unsuitable for anything but the specific use cases you have in mind? i.e., how would a non-AD user actually use this?
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13220526#comment-13220526 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12516758/HADOOP-8121.3.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.fs.viewfs.TestViewFsTrash
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/654//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/654//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13222671#comment-13222671 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12517130/HADOOP-8121.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
-1 javac. The applied patch generated 1039 javac compiler warnings (more than the trunk's current 1038 warnings).
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
-1 findbugs. The patch appears to introduce 2 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed the unit tests build
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/673//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HADOOP-Build/673//artifact/trunk/hadoop-common-project/patchprocess/newPatchFindbugsWarningshadoop-common.html
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/673//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: (was: HADOOP-8121.3.patch)
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Allen Wittenauer (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13225563#comment-13225563 ]
Allen Wittenauer commented on HADOOP-8121:
------------------------------------------
1) hadoop.security.group.mapping.ldap.bind.password should not be in the hadoop conf file. This should be a pointer to a file that contains the password or stored in the keystore.
2) I think the description for hadoop.security.group.mapping.ldap.search.filter.user is a bit confusing. Instead of "generic LDAP servers" just come out and say "non-AD schemas". Additionally, I'd replace "will likely" to "should be".
3) I think the documentation needs to be clear what conditions this provider is required. This is especially important given that this a) will likely be unnecessary on the vast majority of properly configured systems b) bypasses the caching that happens at the OS level, so could be a potential performance hit.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13219756#comment-13219756 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12516637/HADOOP-8121.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.fs.viewfs.TestViewFsTrash
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/649//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/649//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: (was: HADOOP-8121.6.patch)
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Allen Wittenauer (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13228529#comment-13228529 ]
Allen Wittenauer commented on HADOOP-8121:
------------------------------------------
It isn't unrealistic for super large enterprises to have tens of thousands of group definitions (one previous employer had just shy of 10k!). Is it possible for someone to be in so many groups as to hit the search limit? Well, it depends upon how the LDAP server is configured. If we don't want to fix this, then it should at least be mentioned in the docs that search limits are not supported and/or will result in unpredictable behavior.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: (was: HADOOP-8121.2.patch)
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.5.patch, HADOOP-8121.6.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121-hdfs.patch
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: (was: HADOOP-8121.4.patch)
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.5.patch, HADOOP-8121.6.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13233756#comment-13233756 ]
Hudson commented on HADOOP-8121:
--------------------------------
Integrated in Hadoop-Mapreduce-0.23-Build #231 (See [https://builds.apache.org/job/Hadoop-Mapreduce-0.23-Build/231/])
HADOOP-8121. Active Directory Group Mapping Service. Contributed by Jonathan Natkins. (Revision 1302742)
Result = FAILURE
atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1302742
Files :
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
* /hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.23.2
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Fix For: 0.23.3
>
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13231562#comment-13231562 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12518697/HADOOP-8121-common.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 4 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
-1 javac. The applied patch generated 1014 javac compiler warnings (more than the trunk's current 1013 warnings).
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in .
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/721//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/721//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Aaron T. Myers (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13229896#comment-13229896 ]
Aaron T. Myers commented on HADOOP-8121:
----------------------------------------
Patch application failed because test-patch doesn't support cross-sub-project patches, and this patch changes code in Common and docs in HDFS.
How about you just upload a patch for the docs in HDFS, and a separate patch for the Common code changes? That should make test-patch happy.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13221400#comment-13221400 ]
Jonathan Natkins commented on HADOOP-8121:
------------------------------------------
5. I'm kinda of the mind that it should be one DirContext per connection. It's possible that we could cache the connection, but it seems like that wouldn't be ideal. These systems are made for handling a lot of short-lived connections, and I feel like this is no different. I'll do a little additional research on this, but I think not caching the connection is the right thing to do.
7. I googled a bit, and as far as I can tell, those contants don't exist anywhere. I just see a lot of other code bases that pull them out into constants, as well.
Everything else has been updated accordingly. Let me know how the new diff looks. Thanks!
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.4.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13219948#comment-13219948 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12516664/HADOOP-8121.2.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 2 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in .
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/650//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/650//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13233832#comment-13233832 ]
Hudson commented on HADOOP-8121:
--------------------------------
Integrated in Hadoop-Mapreduce-trunk #1025 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1025/])
HADOOP-8121. Active Directory Group Mapping Service. Contributed by Jonathan Natkins. (Revision 1302740)
Result = SUCCESS
atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1302740
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.23.2
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Fix For: 0.23.3
>
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13222694#comment-13222694 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12517136/HADOOP-8121.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
-1 javac. The applied patch generated 1039 javac compiler warnings (more than the trunk's current 1038 warnings).
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
-1 findbugs. The patch appears to introduce 2 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.fs.viewfs.TestViewFsTrash
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/674//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HADOOP-Build/674//artifact/trunk/hadoop-common-project/patchprocess/newPatchFindbugsWarningshadoop-common.html
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/674//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Allen Wittenauer (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13232378#comment-13232378 ]
Allen Wittenauer commented on HADOOP-8121:
------------------------------------------
Doing a quick pass over the patch:
{code}
+ <value>(&(objectClass=user)(sAMAccountName={0})</value>
{code}
Shouldn't this be & and not &? Or is XML doing bad things to this?
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: (was: HADOOP-8121.3.patch)
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.5.patch, HADOOP-8121.6.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: (was: HADOOP-8121.5.patch)
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121-common.patch
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13230442#comment-13230442 ]
Jonathan Natkins commented on HADOOP-8121:
------------------------------------------
Allen,
Provided the test-patch job comes back happy, have I addressed all of your concerns?
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Aaron T. Myers (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13222630#comment-13222630 ]
Aaron T. Myers commented on HADOOP-8121:
----------------------------------------
Thanks for checking on that, Natty. A few more comments/questions:
# Seems like we could cache the SearchControls object as well. Looks to me like it could even just be statically initialized.
# I think createDirContext should be renamed getDirContext, as it's not necessarily creating a new DirContext each time it's called.
# There's what looks to be a potential race in initializing the DirContext, since you check for null and then initialize without holding any lock, though it may not matter at all.
# Since the DirContext is now long-lived, what happens if a connection to the LDAP server breaks? Will this class automatically re-connect? (Is that even the right term?)
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.4.patch, HADOOP-8121.5.patch, HADOOP-8121.6.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13233083#comment-13233083 ]
Hudson commented on HADOOP-8121:
--------------------------------
Integrated in Hadoop-Hdfs-0.23-Commit #697 (See [https://builds.apache.org/job/Hadoop-Hdfs-0.23-Commit/697/])
HADOOP-8121. Active Directory Group Mapping Service. Contributed by Jonathan Natkins. (Revision 1302742)
Result = SUCCESS
atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1302742
Files :
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
* /hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.23.2
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Fix For: 0.23.3
>
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.patch
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Aaron T. Myers (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13231570#comment-13231570 ]
Aaron T. Myers commented on HADOOP-8121:
----------------------------------------
+1, the latest patch looks good to me.
Allen, has Jon addressed all of your concerns? If so, I'll go ahead and commit this patch. Please let me know.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13229808#comment-13229808 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12518340/HADOOP-8121.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 4 new or modified tests.
-1 patch. The patch command could not apply the patch.
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/711//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13231581#comment-13231581 ]
Jonathan Natkins commented on HADOOP-8121:
------------------------------------------
The javac warning is related is caused by this line:
env.put(Context.INITIAL_CONTEXT_FACTORY, com.sun.jndi.ldap.LdapCtxFactory.class.getName());
The problem is that the LdapCtxFactory is a deprecated API, but according to all documentation (including Oracle's) and examples that I've looked at, it's the correct way to initialize the context. We could avoid the warning by hard-coding the string, but I strongly prefer calling getName() to get the actual class name.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Aaron T. Myers (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13231576#comment-13231576 ]
Aaron T. Myers commented on HADOOP-8121:
----------------------------------------
Also, Jon, can you comment on the javac warning? I believe it's unavoidable, but please confirm.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13221487#comment-13221487 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12516914/HADOOP-8121.4.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
-1 javac. The applied patch generated 1039 javac compiler warnings (more than the trunk's current 1038 warnings).
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.fs.viewfs.TestViewFsTrash
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/667//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/667//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.4.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13228502#comment-13228502 ]
Jonathan Natkins commented on HADOOP-8121:
------------------------------------------
a) I'm a little unclear under what circumstances you expect this to hit a search limit. Would you expect that users would belong to more groups than the search limit can support in a single search? That seems surprising to me. Like I said earlier, if the plug-in is misconfigured, and you have a search filter that is not sensible, say (objectClass=*), yes, you would probably hit a search limit. In that case, an exception would be through in getGroups, and logged, alerting an admin to the fact that there's a problem.
b) You're right, I'll document this somewhere.
Regarding documentation, where is the most appropriate place for it to go?
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13222618#comment-13222618 ]
Jonathan Natkins commented on HADOOP-8121:
------------------------------------------
I agree that the warning is mostly unavoidable, and I don't think there's any particularly good way of dealing with it. It looks like Oracle is working on updating some of the APIs (http://docs.oracle.com/javase/6/docs/technotes/guides/jndi/index.html contains some of the updates), but there doesn't seem to be any new way to get the InitialContextFactory. The interwebs generally lead you to something like this:
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
In fact, this line of code shows up in Oracle's docs (section 15.1 http://docs.oracle.com/javase/6/docs/technotes/guides/jndi/jndi-ldap.html#pooling)
I think it makes more sense to do the right thing and call the getName() method than use a hard-coded string, so if this is alright, I'll just add warning suppression.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.4.patch, HADOOP-8121.5.patch, HADOOP-8121.6.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13233079#comment-13233079 ]
Hudson commented on HADOOP-8121:
--------------------------------
Integrated in Hadoop-Common-trunk-Commit #1905 (See [https://builds.apache.org/job/Hadoop-Common-trunk-Commit/1905/])
HADOOP-8121. Active Directory Group Mapping Service. Contributed by Jonathan Natkins. (Revision 1302740)
Result = SUCCESS
atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1302740
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.23.2
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Fix For: 0.23.3
>
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Aaron T. Myers (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aaron T. Myers updated HADOOP-8121:
-----------------------------------
Target Version/s: 0.23.3
Affects Version/s: 0.23.2
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.23.2
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.patch
I've updated the patch to address Allen's comments.
I've modified the bind.password and keystore.password parameters in the core-defaults.xml file to point to files containing the respective passwords, and somewhat shamelessly stolen the approach taken by HADOOP-7621 to deal with the security concern.
I've updated some of the parameter descriptions in the xml, and I've updated the javadocs for the LdapGroupsMapping class to be more explicit about the purpose and consequences of using LDAP for user-group mapping.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Aaron T. Myers (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13232876#comment-13232876 ]
Aaron T. Myers commented on HADOOP-8121:
----------------------------------------
+1, the latest patch looks good to me. I'm confident that the test failure of TestRPCCallBenchmark is unrelated.
I'm going to commit this in the next few hours unless there are any more comments in the mean time.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.patch
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13233117#comment-13233117 ]
Hudson commented on HADOOP-8121:
--------------------------------
Integrated in Hadoop-Mapreduce-0.23-Commit #713 (See [https://builds.apache.org/job/Hadoop-Mapreduce-0.23-Commit/713/])
HADOOP-8121. Active Directory Group Mapping Service. Contributed by Jonathan Natkins. (Revision 1302742)
Result = ABORTED
atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1302742
Files :
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
* /hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
* /hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.23.2
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Fix For: 0.23.3
>
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.patch
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Aaron T. Myers (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13225484#comment-13225484 ]
Aaron T. Myers commented on HADOOP-8121:
----------------------------------------
I see what you're saying re: the arbitrary user name, but in the latest patch it still looks to me like you're using "hdfs" in the test case. Obviously this will work, but I think you should either change the name so it's obvious that it's arbitrary, or add a comment explaining this.
I'd also recommend you move the comment "The underlying LdapCtx is also not thread-safe..." to the be in the method comment.
+1 once these two issues are addressed.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Aaron T. Myers (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13222485#comment-13222485 ]
Aaron T. Myers commented on HADOOP-8121:
----------------------------------------
bq. Blah. Unused import removed.
I don't think that was the problem. I think it's this:
{quote}
[WARNING] hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java:[183,27] com.sun.jndi.ldap.LdapCtxFactory is Sun proprietary API and may be removed in a future release
{quote}
This warning is probably unavoidable, but can you check to see if there's a preferred way of doing this which wouldn't generate this warning.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.4.patch, HADOOP-8121.5.patch, HADOOP-8121.6.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.3.patch
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Status: Patch Available (was: Open)
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13222745#comment-13222745 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12517147/HADOOP-8121.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
-1 javac. The applied patch generated 1039 javac compiler warnings (more than the trunk's current 1038 warnings).
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.ipc.TestRPCCallBenchmark
org.apache.hadoop.fs.viewfs.TestViewFsTrash
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/676//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/676//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Allen Wittenauer (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13228459#comment-13228459 ]
Allen Wittenauer commented on HADOOP-8121:
------------------------------------------
Docs:
Is the only documentation going to be the javadoc code? How are admins supposed to find this?
---
{code}
+ * ShellBasedUnixGroupsMapping should be sufficient. However, in cases where
{code}
"is preferred" rather than "should be sufficient".
{code}
+ * access control, this class maybe used to communicate directly with the LDAP
{code}
may be
---
Functional:
a) I'm still concerned about what happens when this code hits a search limit. I suspect that the places most likely to deploy this plug-in will have this issue...
b) Am I correct that we don't support cascading groupOfNames? If not, that should also be documented.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13225527#comment-13225527 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12517603/HADOOP-8121.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
-1 javac. The applied patch generated 1039 javac compiler warnings (more than the trunk's current 1038 warnings).
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
-1 findbugs. The patch appears to introduce 5 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in .
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/688//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HADOOP-Build/688//artifact/trunk/hadoop-common-project/patchprocess/newPatchFindbugsWarningshadoop-common.html
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/688//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.2.patch
Updated with a new patch that includes some mockito-based tests.
For fairly obvious reasons, it's difficult to test most of this functionality in an automated fashion. Manually, I did tested valid and invalid configs against an Active Directory server using both SSL- and non-SSL-enabled configurations.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121-common.patch
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.5.patch
After reading through the LDAP library code, I decided caching the connection probably isn't a big deal, and I've restructured this patch slightly to do so.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.4.patch, HADOOP-8121.5.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13233077#comment-13233077 ]
Hudson commented on HADOOP-8121:
--------------------------------
Integrated in Hadoop-Hdfs-trunk-Commit #1979 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/1979/])
HADOOP-8121. Active Directory Group Mapping Service. Contributed by Jonathan Natkins. (Revision 1302740)
Result = SUCCESS
atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1302740
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.23.2
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Fix For: 0.23.3
>
> Attachments: HADOOP-8121-common.patch, HADOOP-8121-common.patch, HADOOP-8121-hdfs.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Aaron T. Myers (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13221148#comment-13221148 ]
Aaron T. Myers commented on HADOOP-8121:
----------------------------------------
Patch looks pretty good, Natty. I agree the test is substantially improved from the last patch. A few comments:
# I like the class rename to be more generic, but the class method comment should be changed to suit.
# Please use 4-space indentation on lines that run over 80 characters. (The configuration key lines that run over 80 chars are fine.)
# I think it'd be good to have a config prefix variable for "hadoop.ssecurity.group.mapping.ldap" that you can append all of the config keys to.
# The config keys and their default values should also be put in core-default.xml as well as in the code, for documentation purposes.
# It seems odd to me that we'll create a new DirContext for every call to getGroups(). Can that connection to the LDAP server not be cached for the lifetime of the GMSP? Is there a performance issue with creating a new DirContext each time, e.g. extra round trips to the LDAP server? (I don't know that there is a perf issue, but there might be.)
# There's a mention of "HDFS" in the comments of LdapGroupsMapping, but the class will be used by both HDFS and MR.
# Are there not constants in the Java libraries that could be used in lieu of the hard-coded strings "javax.net.ssl.keyStorePassword", "javax.net.ssl.keyStore", etc? (There very well may not be, I'm not sure.)
# Using the mockContext from a non-static inner class seems a little goofy to me. Instead, try just making an instance of LdapGroupsMapping and then using Mockito.spy(...) to interpose on the calls to createDirContext.
# Add an "ldapUrl == null ||" to the check in setConf for an unconfigured ldapUrl.
# You might consider a static import of Mockito.*, so you can get rid of all the "Mockito." throughout the test.
# Some goofy indentation in the first call to "Mockito.when".
# The test class could use a few more comments, e.g. it took me a minute to realize you were setting up the mock to return first the user name, then the group name on consecutive calls to DirContext#search.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13223751#comment-13223751 ]
Jonathan Natkins commented on HADOOP-8121:
------------------------------------------
Agreed, it would be worthwhile to test against ApacheDS. In light of the fact that I'm relatively unfamiliar with ApacheDS, I've filed HADOOP-8145 to track this. For the time being, the library code has been mocked to test the functionality of all the non-library code, if that's alright.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.patch
I've added some documentation to hdfs_permissions_guide.xml to note that the implementation exists, and point to the javadocs for more information.
I've also added some additional information on the topics we've discussed to the javadocs, and filed HADOOP-8170 to track the search limit improvement.
Additionally, I've updated the patch to hopefully deal with the findbugs warnings that popped up last time.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Allen Wittenauer (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13226260#comment-13226260 ]
Allen Wittenauer commented on HADOOP-8121:
------------------------------------------
Does this code properly handle LDAP search limits? What happens if it hits one? (Many LDAP servers put a limit on the number of results that may be returned in a single query. This is extremely common and many larger LDAP deployments will have this in place as a low grade protection against DoS attacks.)
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Aaron T. Myers (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13228128#comment-13228128 ]
Aaron T. Myers commented on HADOOP-8121:
----------------------------------------
Allen, has Jon addressed your concerns?
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.patch
I take my previous suggestion back. I've rejiggered the code a bit to be group-centric, so that for both Active Directory and non-AD LDAP, we'll search by the member attribute of the group (instead of the memberOf attribute of the user), which should bring back all the groups that a user is a member of. This will easily support groupOfNames and groupOfUniqueNames group classes in non-AD.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13226917#comment-13226917 ]
Hadoop QA commented on HADOOP-8121:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12517807/HADOOP-8121.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 4 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
-1 javac. The applied patch generated 1039 javac compiler warnings (more than the trunk's current 1038 warnings).
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
-1 findbugs. The patch appears to introduce 5 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in .
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/697//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HADOOP-Build/697//artifact/trunk/hadoop-common-project/patchprocess/newPatchFindbugsWarningshadoop-common.html
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/697//console
This message is automatically generated.
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8121) Active Directory Group Mapping
Service
Posted by "Jonathan Natkins (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Natkins updated HADOOP-8121:
-------------------------------------
Attachment: HADOOP-8121.4.patch
> Active Directory Group Mapping Service
> --------------------------------------
>
> Key: HADOOP-8121
> URL: https://issues.apache.org/jira/browse/HADOOP-8121
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Jonathan Natkins
> Assignee: Jonathan Natkins
> Attachments: HADOOP-8121.2.patch, HADOOP-8121.3.patch, HADOOP-8121.4.patch, HADOOP-8121.patch
>
>
> Planning on building a group mapping service that will go and talk directly to an Active Directory setup to get group memberships
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira