You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Andrew Perepelytsya (JIRA)" <ji...@apache.org> on 2013/04/10 18:18:16 UTC
[jira] [Commented] (HADOOP-8943) Support multiple group mapping
providers
[ https://issues.apache.org/jira/browse/HADOOP-8943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13627939#comment-13627939 ]
Andrew Perepelytsya commented on HADOOP-8943:
---------------------------------------------
Hi, any action on this patch? All checkpoints green. This is the major step in supporting access control lists on Hadoop.
> Support multiple group mapping providers
> ----------------------------------------
>
> Key: HADOOP-8943
> URL: https://issues.apache.org/jira/browse/HADOOP-8943
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Kai Zheng
> Fix For: 2.0.5-beta
>
> Attachments: HADOOP-8943.patch, HADOOP-8943.patch, HADOOP-8943.patch
>
> Original Estimate: 504h
> Remaining Estimate: 504h
>
> Discussed with Natty about LdapGroupMapping, we need to improve it so that:
> 1. It's possible to do different group mapping for different users/principals. For example, AD user should go to LdapGroupMapping service for group, but service principals such as hdfs, mapred can still use the default one ShellBasedUnixGroupsMapping;
> 2. Multiple ADs can be supported to do LdapGroupMapping;
> 3. It's possible to configure what kind of users/principals (regarding domain/realm is an option) should use which group mapping service/mechanism.
> 4. It's possible to configure and combine multiple existing mapping providers without writing codes implementing new one.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira