You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Aaron T. Myers (JIRA)" <ji...@apache.org> on 2015/01/22 18:38:35 UTC

[jira] [Commented] (HADOOP-10626) Limit Returning Attributes for LDAP search

    [ https://issues.apache.org/jira/browse/HADOOP-10626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287827#comment-14287827 ] 

Aaron T. Myers commented on HADOOP-10626:
-----------------------------------------

Hi Jason, the patch looks pretty good to me in the abstract, thanks for providing it and for doing that testing.

One question for you - the javadocs for the {{SearchControls}} class seem to indicate that by default all attributes will be returned by a search. Specifically, I'm looking at this bit of text in the description of the no args constructor (emphasis mine):

{quote}
The defaults are:

* search one level
* no maximum return limit for search results
* no time limit for search
* *return all attributes associated with objects that satisfy the search filter.*
* do not return named object (return only name and class)
* do not dereference links during search
{quote}

Given this, why is it necessary to explicitly add the group name attribute to the search results? Are the javadocs incorrect? Or am I just misunderstanding something?

> Limit Returning Attributes for LDAP search
> ------------------------------------------
>
>                 Key: HADOOP-10626
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10626
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.3.0
>            Reporter: Jason Hubbard
>            Assignee: Jason Hubbard
>              Labels: easyfix, newbie, performance
>         Attachments: HADOOP-10626.patch
>
>
> When using Hadoop Ldap Group mappings in an enterprise environment, searching groups and returning all members can take a long time causing a timeout.  This causes not all groups to be returned for a user.  Because the first search only searches for the user dn and the second search retrieves the group member attribute, we only need to return the group member attribute on the search speeding up the search.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)