You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Kai Zheng (JIRA)" <ji...@apache.org> on 2012/10/19 04:40:04 UTC

[jira] [Created] (HADOOP-8943) Enable to support multiple ADs and different group mapping for different user

Kai Zheng created HADOOP-8943:
---------------------------------

             Summary: Enable to support multiple ADs and different group mapping for different user
                 Key: HADOOP-8943
                 URL: https://issues.apache.org/jira/browse/HADOOP-8943
             Project: Hadoop Common
          Issue Type: Improvement
          Components: security
            Reporter: Kai Zheng
             Fix For: 2.0.3-alpha


Discussed with Natty about LdapGroupMapping, we need to improve it so that:
1. It's possible to do different group mapping for different users/principals. For example, AD user should go to LdapGroupMapping service for group, but  service principals such as hdfs, mapred can still use the default one ShellBasedUnixGroupsMapping; 

2. Multiple ADs can be supported to do LdapGroupMapping;

3. It's possible to configure what kind of users/principals (regarding domain/realm is an option) should use which group mapping service/mechanism.


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (HADOOP-8943) Enable to support multiple ADs and different group mapping for different user

Posted by "Kai Zheng (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/HADOOP-8943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kai Zheng updated HADOOP-8943:
------------------------------

    Attachment: HADOOP-8943.patch

Initial patch for review.
                
> Enable to support multiple ADs and different group mapping for different user
> -----------------------------------------------------------------------------
>
>                 Key: HADOOP-8943
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8943
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Kai Zheng
>             Fix For: 2.0.3-alpha
>
>         Attachments: HADOOP-8943.patch
>
>   Original Estimate: 504h
>  Remaining Estimate: 504h
>
>   Discussed with Natty about LdapGroupMapping, we need to improve it so that: 
> 1. It's possible to do different group mapping for different users/principals. For example, AD user should go to LdapGroupMapping service for group, but service principals such as hdfs, mapred can still use the default one ShellBasedUnixGroupsMapping; 
> 2. Multiple ADs can be supported to do LdapGroupMapping; 
> 3. It's possible to configure what kind of users/principals (regarding domain/realm is an option) should use which group mapping service/mechanism. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (HADOOP-8943) Enable to support multiple ADs and different group mapping for different user

Posted by "Tianyou Li (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/HADOOP-8943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tianyou Li updated HADOOP-8943:
-------------------------------

    Description: 
  Discussed with Natty about LdapGroupMapping, we need to improve it so that: 
1. It's possible to do different group mapping for different users/principals. For example, AD user should go to LdapGroupMapping service for group, but service principals such as hdfs, mapred can still use the default one ShellBasedUnixGroupsMapping; 

2. Multiple ADs can be supported to do LdapGroupMapping; 

3. It's possible to configure what kind of users/principals (regarding domain/realm is an option) should use which group mapping service/mechanism. 

  was:  

    
> Enable to support multiple ADs and different group mapping for different user
> -----------------------------------------------------------------------------
>
>                 Key: HADOOP-8943
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8943
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Kai Zheng
>             Fix For: 2.0.3-alpha
>
>   Original Estimate: 504h
>  Remaining Estimate: 504h
>
>   Discussed with Natty about LdapGroupMapping, we need to improve it so that: 
> 1. It's possible to do different group mapping for different users/principals. For example, AD user should go to LdapGroupMapping service for group, but service principals such as hdfs, mapred can still use the default one ShellBasedUnixGroupsMapping; 
> 2. Multiple ADs can be supported to do LdapGroupMapping; 
> 3. It's possible to configure what kind of users/principals (regarding domain/realm is an option) should use which group mapping service/mechanism. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (HADOOP-8943) Enable to support multiple ADs and different group mapping for different user

Posted by "Tianyou Li (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/HADOOP-8943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tianyou Li updated HADOOP-8943:
-------------------------------

    Description:     (was: Discussed with Natty about LdapGroupMapping, we need to improve it so that:
1. It's possible to do different group mapping for different users/principals. For example, AD user should go to LdapGroupMapping service for group, but  service principals such as hdfs, mapred can still use the default one ShellBasedUnixGroupsMapping; 

2. Multiple ADs can be supported to do LdapGroupMapping;

3. It's possible to configure what kind of users/principals (regarding domain/realm is an option) should use which group mapping service/mechanism.
)
    
> Enable to support multiple ADs and different group mapping for different user
> -----------------------------------------------------------------------------
>
>                 Key: HADOOP-8943
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8943
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Kai Zheng
>             Fix For: 2.0.3-alpha
>
>   Original Estimate: 504h
>  Remaining Estimate: 504h
>
>   

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira