You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2018/12/10 20:58:00 UTC
[jira] [Commented] (HADOOP-15995) LdapGroupsMapping should use the
bind.password config value as credential alias
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16715548#comment-16715548 ]
Larry McCay commented on HADOOP-15995:
--------------------------------------
Hi [~lukmajercak] - can you explain why the current implementation which is aligned with other previously configured passwords doesn't meet your needs?
Changing the behavior to use the value of the property rather than the key of the property as the alias definitely makes it different from other properties and it doesn't seem to even preserve the ability to use the key.
> LdapGroupsMapping should use the bind.password config value as credential alias
> -------------------------------------------------------------------------------
>
> Key: HADOOP-15995
> URL: https://issues.apache.org/jira/browse/HADOOP-15995
> Project: Hadoop Common
> Issue Type: Bug
> Components: common
> Reporter: Lukas Majercak
> Assignee: Lukas Majercak
> Priority: Major
> Attachments: HADOOP-15995.001.patch
>
>
> Currently, the property name hadoop.security.group.mapping.ldap.bind.password is used as an alias to get password from CredentialProviders. This has a big issue, which is that when we configure multiple LdapGroupsMapping providers through CompositeGroupsMapping, they will all have the same alias, and won't be able to be distinguished. The proposal is to use the value of the property instead, which would fix this issue.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org