Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-12291

Add support for nested groups in LdapGroupsMapping

    Details

    • Target Version/s:

      Description

      When using LdapGroupsMapping with Hadoop, nested groups are not supported. So for example if user jdoe is part of group A which is a member of group B, the group mapping currently returns only group A.

      Currently this facility is available with ShellBasedUnixGroupsMapping and SSSD (or similar tools) but would be good to have this feature as part of LdapGroupsMapping directly.

      1. HADOOP-12291.001.patch
        13 kB
        Esther Kundin
      2. HADOOP-12291.002.patch
        13 kB
        Esther Kundin
      3. HADOOP-12291.003.patch
        14 kB
        Esther Kundin
      4. HADOOP-12291.004.patch
        14 kB
        Esther Kundin
      5. HADOOP-12291.005.patch
        14 kB
        Esther Kundin
      6. HADOOP-12291.006.patch
        16 kB
        Esther Kundin
      7. HADOOP-12291.007.patch
        18 kB
        Esther Kundin
      8. HADOOP-12291.008.patch
        18 kB
        Esther Kundin
      9. HADOOP-12291.009.patch
        18 kB
        Esther Kundin

        Issue Links

          Activity

          Hide
          anu Anu Engineer added a comment -

          Jitendra Nath Pandey I think it is due to the fact that branch-2.8 is missing HADOOP-12782. if we commit that JIRA, this one should be able to go in without conflicts.

          Show
          anu Anu Engineer added a comment - Jitendra Nath Pandey I think it is due to the fact that branch-2.8 is missing HADOOP-12782 . if we commit that JIRA, this one should be able to go in without conflicts.
          Hide
          jnp Jitendra Nath Pandey added a comment -

          I am resolving as fixed for 2.9. If it is a must have for 2.8, please re-open. cc Vinod Kumar Vavilapalli

          Show
          jnp Jitendra Nath Pandey added a comment - I am resolving as fixed for 2.9. If it is a must have for 2.8, please re-open. cc Vinod Kumar Vavilapalli
          Hide
          jnp Jitendra Nath Pandey added a comment -

          I have committed this to branch-2 as well. However the patch doesn't apply to branch-2.8. There are other patches in this context that are pre-requisites for this to apply cleanly in branch-2.8. I am inclined to leave it as fixed in 2.9 only.

          Show
          jnp Jitendra Nath Pandey added a comment - I have committed this to branch-2 as well. However the patch doesn't apply to branch-2.8. There are other patches in this context that are pre-requisites for this to apply cleanly in branch-2.8. I am inclined to leave it as fixed in 2.9 only.
          Hide
          hudson Hudson added a comment -

          ABORTED: Integrated in Hadoop-trunk-Commit #9963 (See https://builds.apache.org/job/Hadoop-trunk-Commit/9963/)
          HADOOP-12291. Add support for nested groups in LdapGroupsMapping. (jitendra: rev 6f0aa75121224589fe1e20630c597f851ef3bed2)

          • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
          • hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
          • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
          • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMappingWithPosixGroup.java
          • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMappingBase.java
          Show
          hudson Hudson added a comment - ABORTED: Integrated in Hadoop-trunk-Commit #9963 (See https://builds.apache.org/job/Hadoop-trunk-Commit/9963/ ) HADOOP-12291 . Add support for nested groups in LdapGroupsMapping. (jitendra: rev 6f0aa75121224589fe1e20630c597f851ef3bed2) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java hadoop-common-project/hadoop-common/src/main/resources/core-default.xml hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMappingWithPosixGroup.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMappingBase.java
          Hide
          jnp Jitendra Nath Pandey added a comment -

          I have committed this to trunk. Thanks for the contribution, Esther Kundin.
          Keeping the jira open until committed to branch-2 and branch-2.8.

          Show
          jnp Jitendra Nath Pandey added a comment - I have committed this to trunk. Thanks for the contribution, Esther Kundin . Keeping the jira open until committed to branch-2 and branch-2.8.
          Hide
          jnp Jitendra Nath Pandey added a comment -

          +1 for the latest patch. I will commit it shortly.

          Show
          jnp Jitendra Nath Pandey added a comment - +1 for the latest patch. I will commit it shortly.
          Hide
          hadoopqa Hadoop QA added a comment -
          +1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 15s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 test4tests 0m 0s The patch appears to include 3 new or modified test files.
          +1 mvninstall 6m 34s trunk passed
          +1 compile 7m 2s trunk passed
          +1 checkstyle 0m 24s trunk passed
          +1 mvnsite 0m 57s trunk passed
          +1 mvneclipse 0m 11s trunk passed
          +1 findbugs 1m 27s trunk passed
          +1 javadoc 0m 47s trunk passed
          +1 mvninstall 0m 38s the patch passed
          +1 compile 6m 34s the patch passed
          +1 javac 6m 34s the patch passed
          +1 checkstyle 0m 23s hadoop-common-project/hadoop-common: The patch generated 0 new + 37 unchanged - 3 fixed = 37 total (was 40)
          +1 mvnsite 0m 53s the patch passed
          +1 mvneclipse 0m 12s the patch passed
          +1 whitespace 0m 1s The patch has no whitespace issues.
          +1 xml 0m 1s The patch has no ill-formed XML file.
          +1 findbugs 1m 27s the patch passed
          +1 javadoc 0m 45s the patch passed
          +1 unit 7m 44s hadoop-common in the patch passed.
          +1 asflicense 0m 20s The patch does not generate ASF License warnings.
          37m 19s



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:e2f6409
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12808995/HADOOP-12291.009.patch
          JIRA Issue HADOOP-12291
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml
          uname Linux 3321ce7f2792 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / 25064fb
          Default Java 1.8.0_91
          findbugs v3.0.0
          Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/9779/testReport/
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9779/console
          Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - +1 overall Vote Subsystem Runtime Comment 0 reexec 0m 15s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 3 new or modified test files. +1 mvninstall 6m 34s trunk passed +1 compile 7m 2s trunk passed +1 checkstyle 0m 24s trunk passed +1 mvnsite 0m 57s trunk passed +1 mvneclipse 0m 11s trunk passed +1 findbugs 1m 27s trunk passed +1 javadoc 0m 47s trunk passed +1 mvninstall 0m 38s the patch passed +1 compile 6m 34s the patch passed +1 javac 6m 34s the patch passed +1 checkstyle 0m 23s hadoop-common-project/hadoop-common: The patch generated 0 new + 37 unchanged - 3 fixed = 37 total (was 40) +1 mvnsite 0m 53s the patch passed +1 mvneclipse 0m 12s the patch passed +1 whitespace 0m 1s The patch has no whitespace issues. +1 xml 0m 1s The patch has no ill-formed XML file. +1 findbugs 1m 27s the patch passed +1 javadoc 0m 45s the patch passed +1 unit 7m 44s hadoop-common in the patch passed. +1 asflicense 0m 20s The patch does not generate ASF License warnings. 37m 19s Subsystem Report/Notes Docker Image:yetus/hadoop:e2f6409 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12808995/HADOOP-12291.009.patch JIRA Issue HADOOP-12291 Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml uname Linux 3321ce7f2792 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / 25064fb Default Java 1.8.0_91 findbugs v3.0.0 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/9779/testReport/ modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9779/console Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          ekundin Esther Kundin added a comment -

          What do I need to do to get a good run?

          Show
          ekundin Esther Kundin added a comment - What do I need to do to get a good run?
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 0s Docker mode activated.
          -1 docker 0m 7s Docker failed to build yetus/hadoop:2c91fd8.



          Subsystem Report/Notes
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12808995/HADOOP-12291.009.patch
          JIRA Issue HADOOP-12291
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9693/console
          Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 0s Docker mode activated. -1 docker 0m 7s Docker failed to build yetus/hadoop:2c91fd8. Subsystem Report/Notes JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12808995/HADOOP-12291.009.patch JIRA Issue HADOOP-12291 Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9693/console Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          ekundin Esther Kundin added a comment -

          I noticed an issue with the patch in any case due to an artifact of the merge. Made one final change and resubmitted version 9... Let's hope this one goes through.

          Show
          ekundin Esther Kundin added a comment - I noticed an issue with the patch in any case due to an artifact of the merge. Made one final change and resubmitted version 9... Let's hope this one goes through.
          Hide
          anu Anu Engineer added a comment -

          please see - https://issues.apache.org/jira/browse/HADOOP-13248
          I don't think patch-8 is going to picked up by jenkins again automatically. We will need to rerun the build or remove and reattach the patch.

          Show
          anu Anu Engineer added a comment - please see - https://issues.apache.org/jira/browse/HADOOP-13248 I don't think patch-8 is going to picked up by jenkins again automatically. We will need to rerun the build or remove and reattach the patch.
          Hide
          ekundin Esther Kundin added a comment -

          Ok, did that.

          Show
          ekundin Esther Kundin added a comment - Ok, did that.
          Hide
          jnp Jitendra Nath Pandey added a comment -

          +1 for the latest patch. I will commit after a good jenkins run.

          Show
          jnp Jitendra Nath Pandey added a comment - +1 for the latest patch. I will commit after a good jenkins run.
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 0s Docker mode activated.
          -1 docker 0m 5s Docker failed to build yetus/hadoop:2c91fd8.



          Subsystem Report/Notes
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12808976/HADOOP-12291.008.patch
          JIRA Issue HADOOP-12291
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9691/console
          Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 0s Docker mode activated. -1 docker 0m 5s Docker failed to build yetus/hadoop:2c91fd8. Subsystem Report/Notes JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12808976/HADOOP-12291.008.patch JIRA Issue HADOOP-12291 Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9691/console Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          anu Anu Engineer added a comment -

          This failure is due to an issue we are tracking in yetus over dev-mailing lists. We have seen 3/4 incidents where Java installation fails in the docker mode.
          Please delete the patch and re-submit and hopefully jenkins will pick it up and re-run the patch.

          Show
          anu Anu Engineer added a comment - This failure is due to an issue we are tracking in yetus over dev-mailing lists. We have seen 3/4 incidents where Java installation fails in the docker mode. Please delete the patch and re-submit and hopefully jenkins will pick it up and re-run the patch.
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 0s Docker mode activated.
          -1 docker 0m 5s Docker failed to build yetus/hadoop:2c91fd8.



          Subsystem Report/Notes
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12808968/HADOOP-12291.008.patch
          JIRA Issue HADOOP-12291
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9690/console
          Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 0s Docker mode activated. -1 docker 0m 5s Docker failed to build yetus/hadoop:2c91fd8. Subsystem Report/Notes JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12808968/HADOOP-12291.008.patch JIRA Issue HADOOP-12291 Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9690/console Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          ekundin Esther Kundin added a comment - - edited

          I've rebased and uploaded version 8.

          Show
          ekundin Esther Kundin added a comment - - edited I've rebased and uploaded version 8.
          Hide
          jnp Jitendra Nath Pandey added a comment -

          Esther Kundin, could you please rebase the patch once again against the latest trunk? There are some small conflicts, but I don't think it changes the logic significantly.
          I will review and commit the rebased patch quickly. Thanks.

          Show
          jnp Jitendra Nath Pandey added a comment - Esther Kundin , could you please rebase the patch once again against the latest trunk? There are some small conflicts, but I don't think it changes the logic significantly. I will review and commit the rebased patch quickly. Thanks.
          Hide
          jnp Jitendra Nath Pandey added a comment -

          +1

          Show
          jnp Jitendra Nath Pandey added a comment - +1
          Hide
          ekundin Esther Kundin added a comment -

          The posix code was added after I started working on the patch and goes down a different code path. I only added support for ldap hierarchies, I don't think it will work with posix, so I added the check.

          Show
          ekundin Esther Kundin added a comment - The posix code was added after I started working on the patch and goes down a different code path. I only added support for ldap hierarchies, I don't think it will work with posix, so I added the check.
          Hide
          anu Anu Engineer added a comment -
           if (goUpHierarchy > 0 && !isPosix) {
          

          Why did we add !isPosix ? is this something that you discovered in testing ? I don't see that in the last patch. Not that it is an issue, more of a question for my own understanding.

          Show
          anu Anu Engineer added a comment - if (goUpHierarchy > 0 && !isPosix) { Why did we add !isPosix ? is this something that you discovered in testing ? I don't see that in the last patch. Not that it is an issue, more of a question for my own understanding.
          Hide
          anu Anu Engineer added a comment -

          +1, (Non-binding). Thanks for for updating the patch. Changes look good to me.

          Show
          anu Anu Engineer added a comment - +1, (Non-binding). Thanks for for updating the patch. Changes look good to me.
          Hide
          ekundin Esther Kundin added a comment -

          The test failures look unrelated to my update.

          Show
          ekundin Esther Kundin added a comment - The test failures look unrelated to my update.
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 12m 12s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 test4tests 0m 0s The patch appears to include 3 new or modified test files.
          +1 mvninstall 7m 1s trunk passed
          +1 compile 7m 2s trunk passed
          +1 checkstyle 0m 23s trunk passed
          +1 mvnsite 0m 56s trunk passed
          +1 mvneclipse 0m 11s trunk passed
          +1 findbugs 1m 23s trunk passed
          +1 javadoc 0m 59s trunk passed
          +1 mvninstall 0m 39s the patch passed
          +1 compile 6m 40s the patch passed
          +1 javac 6m 40s the patch passed
          +1 checkstyle 0m 23s hadoop-common-project/hadoop-common: The patch generated 0 new + 37 unchanged - 3 fixed = 37 total (was 40)
          +1 mvnsite 0m 54s the patch passed
          +1 mvneclipse 0m 10s the patch passed
          +1 whitespace 0m 0s The patch has no whitespace issues.
          +1 xml 0m 2s The patch has no ill-formed XML file.
          +1 findbugs 1m 46s the patch passed
          +1 javadoc 1m 4s the patch passed
          -1 unit 9m 34s hadoop-common in the patch failed.
          +1 asflicense 0m 20s The patch does not generate ASF License warnings.
          52m 25s



          Reason Tests
          Failed junit tests hadoop.metrics2.impl.TestGangliaMetrics
            hadoop.security.ssl.TestReloadingX509TrustManager



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:2c91fd8
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12808012/HADOOP-12291.007.patch
          JIRA Issue HADOOP-12291
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml
          uname Linux be535bca8b13 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / c58a59f
          Default Java 1.8.0_91
          findbugs v3.0.0
          unit https://builds.apache.org/job/PreCommit-HADOOP-Build/9659/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common.txt
          unit test logs https://builds.apache.org/job/PreCommit-HADOOP-Build/9659/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common.txt
          Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/9659/testReport/
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9659/console
          Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 12m 12s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 3 new or modified test files. +1 mvninstall 7m 1s trunk passed +1 compile 7m 2s trunk passed +1 checkstyle 0m 23s trunk passed +1 mvnsite 0m 56s trunk passed +1 mvneclipse 0m 11s trunk passed +1 findbugs 1m 23s trunk passed +1 javadoc 0m 59s trunk passed +1 mvninstall 0m 39s the patch passed +1 compile 6m 40s the patch passed +1 javac 6m 40s the patch passed +1 checkstyle 0m 23s hadoop-common-project/hadoop-common: The patch generated 0 new + 37 unchanged - 3 fixed = 37 total (was 40) +1 mvnsite 0m 54s the patch passed +1 mvneclipse 0m 10s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 xml 0m 2s The patch has no ill-formed XML file. +1 findbugs 1m 46s the patch passed +1 javadoc 1m 4s the patch passed -1 unit 9m 34s hadoop-common in the patch failed. +1 asflicense 0m 20s The patch does not generate ASF License warnings. 52m 25s Reason Tests Failed junit tests hadoop.metrics2.impl.TestGangliaMetrics   hadoop.security.ssl.TestReloadingX509TrustManager Subsystem Report/Notes Docker Image:yetus/hadoop:2c91fd8 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12808012/HADOOP-12291.007.patch JIRA Issue HADOOP-12291 Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml uname Linux be535bca8b13 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / c58a59f Default Java 1.8.0_91 findbugs v3.0.0 unit https://builds.apache.org/job/PreCommit-HADOOP-Build/9659/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common.txt unit test logs https://builds.apache.org/job/PreCommit-HADOOP-Build/9659/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common.txt Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/9659/testReport/ modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9659/console Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 0s Docker mode activated.
          -1 patch 0m 4s HADOOP-12291 does not apply to trunk. Rebase required? Wrong Branch? See https://wiki.apache.org/hadoop/HowToContribute for help.



          Subsystem Report/Notes
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12803871/HADOOP-12291.006.patch
          JIRA Issue HADOOP-12291
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9626/console
          Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 0s Docker mode activated. -1 patch 0m 4s HADOOP-12291 does not apply to trunk. Rebase required? Wrong Branch? See https://wiki.apache.org/hadoop/HowToContribute for help. Subsystem Report/Notes JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12803871/HADOOP-12291.006.patch JIRA Issue HADOOP-12291 Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9626/console Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          ekundin Esther Kundin added a comment -

          Interesting, but it's not letting me reassign it to myself either.

          Show
          ekundin Esther Kundin added a comment - Interesting, but it's not letting me reassign it to myself either.
          Hide
          anu Anu Engineer added a comment -

          Esther Kundin JIRA was not letting me move the patch to open and patch available state again without being able to own the JIRA. I have picked the JIRA and hopefully jenkins will pick it up. Can you please assign this JIRA back to you ? I am having difficulties doing that.

          Show
          anu Anu Engineer added a comment - Esther Kundin JIRA was not letting me move the patch to open and patch available state again without being able to own the JIRA. I have picked the JIRA and hopefully jenkins will pick it up. Can you please assign this JIRA back to you ? I am having difficulties doing that.
          Hide
          ekundin Esther Kundin added a comment -

          Attached the fixed patch on 13/May/16.

          Show
          ekundin Esther Kundin added a comment - Attached the fixed patch on 13/May/16.
          Hide
          jojochuang Wei-Chiu Chuang added a comment -

          Esther Kundin you can take a look at my latest patch for HADOOP-12701 for reference to fix checkstyle warning.

          Show
          jojochuang Wei-Chiu Chuang added a comment - Esther Kundin you can take a look at my latest patch for HADOOP-12701 for reference to fix checkstyle warning.
          Hide
          jojochuang Wei-Chiu Chuang added a comment -

          +1 (non-binding) after fixing the checkstyle warning. Anu Engineer, HADOOP-12701 added checkstyle verification for tests.

          Show
          jojochuang Wei-Chiu Chuang added a comment - +1 (non-binding) after fixing the checkstyle warning. Anu Engineer , HADOOP-12701 added checkstyle verification for tests.
          Hide
          anu Anu Engineer added a comment -

          Esther Kundin Thanks for taking care of the comments. Test failures are not related to the latest patch. It would be good to take care of the checkstyle warnings. I was under the impression that checkstyle was not run on tests before, quite possibly a change in Yetus (the build system of hadoop) that is throwing these warnings now.

          Show
          anu Anu Engineer added a comment - Esther Kundin Thanks for taking care of the comments. Test failures are not related to the latest patch. It would be good to take care of the checkstyle warnings. I was under the impression that checkstyle was not run on tests before, quite possibly a change in Yetus (the build system of hadoop) that is throwing these warnings now.
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 13s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 test4tests 0m 0s The patch appears to include 2 new or modified test files.
          +1 mvninstall 7m 15s trunk passed
          +1 compile 7m 6s trunk passed with JDK v1.8.0_91
          +1 compile 7m 37s trunk passed with JDK v1.7.0_95
          +1 checkstyle 0m 27s trunk passed
          +1 mvnsite 1m 7s trunk passed
          +1 mvneclipse 0m 14s trunk passed
          +1 findbugs 1m 35s trunk passed
          +1 javadoc 0m 59s trunk passed with JDK v1.8.0_91
          +1 javadoc 1m 9s trunk passed with JDK v1.7.0_95
          +1 mvninstall 0m 46s the patch passed
          +1 compile 6m 36s the patch passed with JDK v1.8.0_91
          +1 javac 6m 36s the patch passed
          +1 compile 7m 11s the patch passed with JDK v1.7.0_95
          +1 javac 7m 11s the patch passed
          -1 checkstyle 0m 26s hadoop-common-project/hadoop-common: The patch generated 2 new + 45 unchanged - 0 fixed = 47 total (was 45)
          +1 mvnsite 1m 1s the patch passed
          +1 mvneclipse 0m 14s the patch passed
          +1 whitespace 0m 0s The patch has no whitespace issues.
          +1 xml 0m 0s The patch has no ill-formed XML file.
          +1 findbugs 1m 59s the patch passed
          +1 javadoc 0m 57s the patch passed with JDK v1.8.0_91
          +1 javadoc 1m 10s the patch passed with JDK v1.7.0_95
          -1 unit 7m 52s hadoop-common in the patch failed with JDK v1.8.0_91.
          -1 unit 7m 50s hadoop-common in the patch failed with JDK v1.7.0_95.
          +1 asflicense 0m 23s The patch does not generate ASF License warnings.
          65m 19s



          Reason Tests
          JDK v1.8.0_91 Failed junit tests hadoop.security.ssl.TestReloadingX509TrustManager
          JDK v1.7.0_95 Failed junit tests hadoop.net.TestDNS



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:cf2ee45
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12803471/HADOOP-12291.005.patch
          JIRA Issue HADOOP-12291
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml
          uname Linux 9be0a4d253d0 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / acb509b
          Default Java 1.7.0_95
          Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_91 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95
          findbugs v3.0.0
          checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/9371/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-common.txt
          unit https://builds.apache.org/job/PreCommit-HADOOP-Build/9371/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_91.txt
          unit https://builds.apache.org/job/PreCommit-HADOOP-Build/9371/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt
          unit test logs https://builds.apache.org/job/PreCommit-HADOOP-Build/9371/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_91.txt https://builds.apache.org/job/PreCommit-HADOOP-Build/9371/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt
          JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/9371/testReport/
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9371/console
          Powered by Apache Yetus 0.3.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 13s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 2 new or modified test files. +1 mvninstall 7m 15s trunk passed +1 compile 7m 6s trunk passed with JDK v1.8.0_91 +1 compile 7m 37s trunk passed with JDK v1.7.0_95 +1 checkstyle 0m 27s trunk passed +1 mvnsite 1m 7s trunk passed +1 mvneclipse 0m 14s trunk passed +1 findbugs 1m 35s trunk passed +1 javadoc 0m 59s trunk passed with JDK v1.8.0_91 +1 javadoc 1m 9s trunk passed with JDK v1.7.0_95 +1 mvninstall 0m 46s the patch passed +1 compile 6m 36s the patch passed with JDK v1.8.0_91 +1 javac 6m 36s the patch passed +1 compile 7m 11s the patch passed with JDK v1.7.0_95 +1 javac 7m 11s the patch passed -1 checkstyle 0m 26s hadoop-common-project/hadoop-common: The patch generated 2 new + 45 unchanged - 0 fixed = 47 total (was 45) +1 mvnsite 1m 1s the patch passed +1 mvneclipse 0m 14s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 xml 0m 0s The patch has no ill-formed XML file. +1 findbugs 1m 59s the patch passed +1 javadoc 0m 57s the patch passed with JDK v1.8.0_91 +1 javadoc 1m 10s the patch passed with JDK v1.7.0_95 -1 unit 7m 52s hadoop-common in the patch failed with JDK v1.8.0_91. -1 unit 7m 50s hadoop-common in the patch failed with JDK v1.7.0_95. +1 asflicense 0m 23s The patch does not generate ASF License warnings. 65m 19s Reason Tests JDK v1.8.0_91 Failed junit tests hadoop.security.ssl.TestReloadingX509TrustManager JDK v1.7.0_95 Failed junit tests hadoop.net.TestDNS Subsystem Report/Notes Docker Image:yetus/hadoop:cf2ee45 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12803471/HADOOP-12291.005.patch JIRA Issue HADOOP-12291 Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml uname Linux 9be0a4d253d0 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / acb509b Default Java 1.7.0_95 Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_91 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95 findbugs v3.0.0 checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/9371/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-common.txt unit https://builds.apache.org/job/PreCommit-HADOOP-Build/9371/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_91.txt unit https://builds.apache.org/job/PreCommit-HADOOP-Build/9371/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt unit test logs https://builds.apache.org/job/PreCommit-HADOOP-Build/9371/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_91.txt https://builds.apache.org/job/PreCommit-HADOOP-Build/9371/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/9371/testReport/ modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9371/console Powered by Apache Yetus 0.3.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          ekundin Esther Kundin added a comment -

          I have added in the debug line, as requested.

          Show
          ekundin Esther Kundin added a comment - I have added in the debug line, as requested.
          Hide
          jojochuang Wei-Chiu Chuang added a comment -

          Thanks. You're right about #3.

          Show
          jojochuang Wei-Chiu Chuang added a comment - Thanks. You're right about #3.
          Hide
          ekundin Esther Kundin added a comment -

          Hi Wei.
          1. I will add it in.
          2. No, this is not compatible with posixGroup
          3. The context is actually cached, the first line of

          getDirContext()

          is

          if (ctx == null) 

          . So I think it's fine the way it is.

          Show
          ekundin Esther Kundin added a comment - Hi Wei. 1. I will add it in. 2. No, this is not compatible with posixGroup 3. The context is actually cached, the first line of getDirContext() is if (ctx == null ) . So I think it's fine the way it is.
          Hide
          jojochuang Wei-Chiu Chuang added a comment -

          Thanks for the contribution. I reviewed it again.

          1. Could you add a debug message in goUpGroupHierarchy() to print out the filter string before the LDAP query is sent out?
          2. I suppose this is not compatible with posixGroup?
          3. In each goUpGroupHierarchy(), you get a new InitialDirContext object through getDirContext(). This can slow down performance since it will start a new connection per call. It's better to reuse the connection.

          Thanks!

          Show
          jojochuang Wei-Chiu Chuang added a comment - Thanks for the contribution. I reviewed it again. Could you add a debug message in goUpGroupHierarchy() to print out the filter string before the LDAP query is sent out? I suppose this is not compatible with posixGroup? In each goUpGroupHierarchy() , you get a new InitialDirContext object through getDirContext() . This can slow down performance since it will start a new connection per call. It's better to reuse the connection. Thanks!
          Hide
          ekundin Esther Kundin added a comment -

          I have tested the change independently on a real LDAP server.

          Show
          ekundin Esther Kundin added a comment - I have tested the change independently on a real LDAP server.
          Hide
          jojochuang Wei-Chiu Chuang added a comment -

          Looks good to me. Thanks for the contribution, Esther Kundin.
          Has this been tested against a real LDAP server? Like Active Directory server or Apache Directive Service.

          I have a patch available for unit-testing LdapGroupsMapping using ActiveDirectory service (HADOOP-8145), but with the ongoing change to replace MiniKdc with Kerby, I'm not sure if I should re-implement it using Kerby.

          Show
          jojochuang Wei-Chiu Chuang added a comment - Looks good to me. Thanks for the contribution, Esther Kundin . Has this been tested against a real LDAP server? Like Active Directory server or Apache Directive Service. I have a patch available for unit-testing LdapGroupsMapping using ActiveDirectory service ( HADOOP-8145 ), but with the ongoing change to replace MiniKdc with Kerby, I'm not sure if I should re-implement it using Kerby.
          Hide
          ekundin Esther Kundin added a comment -

          I got it.

          Show
          ekundin Esther Kundin added a comment - I got it.
          Hide
          ekundin Esther Kundin added a comment -

          You're welcome, and it was a pleasure working with you!

          Show
          ekundin Esther Kundin added a comment - You're welcome, and it was a pleasure working with you!
          Hide
          anu Anu Engineer added a comment -

          Esther Kundin My apologies for not catching this earlier. But we need to modify the documentation for this feature too. I have filed HADOOP-13102 as a documentation JIRA. You can assign it to yourself or send it to me.

          Show
          anu Anu Engineer added a comment - Esther Kundin My apologies for not catching this earlier. But we need to modify the documentation for this feature too. I have filed HADOOP-13102 as a documentation JIRA. You can assign it to yourself or send it to me.
          Hide
          anu Anu Engineer added a comment -

          The v4 patch looks excellent. Thank you for the update and this contribution.
          +1, (Non-Binding)

          Show
          anu Anu Engineer added a comment - The v4 patch looks excellent. Thank you for the update and this contribution. +1, (Non-Binding)
          Hide
          hadoopqa Hadoop QA added a comment -
          +1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 14s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 test4tests 0m 0s The patch appears to include 2 new or modified test files.
          +1 mvninstall 7m 2s trunk passed
          +1 compile 5m 59s trunk passed with JDK v1.8.0_91
          +1 compile 6m 46s trunk passed with JDK v1.7.0_95
          +1 checkstyle 0m 22s trunk passed
          +1 mvnsite 1m 0s trunk passed
          +1 mvneclipse 0m 13s trunk passed
          +1 findbugs 1m 35s trunk passed
          +1 javadoc 0m 53s trunk passed with JDK v1.8.0_91
          +1 javadoc 1m 3s trunk passed with JDK v1.7.0_95
          +1 mvninstall 0m 41s the patch passed
          +1 compile 5m 47s the patch passed with JDK v1.8.0_91
          +1 javac 5m 47s the patch passed
          +1 compile 6m 48s the patch passed with JDK v1.7.0_95
          +1 javac 6m 48s the patch passed
          +1 checkstyle 0m 22s the patch passed
          +1 mvnsite 0m 55s the patch passed
          +1 mvneclipse 0m 14s the patch passed
          +1 whitespace 0m 0s The patch has no whitespace issues.
          +1 xml 0m 0s The patch has no ill-formed XML file.
          +1 findbugs 1m 50s the patch passed
          +1 javadoc 0m 53s the patch passed with JDK v1.8.0_91
          +1 javadoc 1m 8s the patch passed with JDK v1.7.0_95
          +1 unit 7m 47s hadoop-common in the patch passed with JDK v1.8.0_91.
          +1 unit 8m 0s hadoop-common in the patch passed with JDK v1.7.0_95.
          +1 asflicense 0m 24s The patch does not generate ASF License warnings.
          61m 9s



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:cf2ee45
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12802409/HADOOP-12291.004.patch
          JIRA Issue HADOOP-12291
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml
          uname Linux 4d827a4229e8 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / 72b0477
          Default Java 1.7.0_95
          Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_91 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95
          findbugs v3.0.0
          JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/9289/testReport/
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9289/console
          Powered by Apache Yetus 0.3.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - +1 overall Vote Subsystem Runtime Comment 0 reexec 0m 14s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 2 new or modified test files. +1 mvninstall 7m 2s trunk passed +1 compile 5m 59s trunk passed with JDK v1.8.0_91 +1 compile 6m 46s trunk passed with JDK v1.7.0_95 +1 checkstyle 0m 22s trunk passed +1 mvnsite 1m 0s trunk passed +1 mvneclipse 0m 13s trunk passed +1 findbugs 1m 35s trunk passed +1 javadoc 0m 53s trunk passed with JDK v1.8.0_91 +1 javadoc 1m 3s trunk passed with JDK v1.7.0_95 +1 mvninstall 0m 41s the patch passed +1 compile 5m 47s the patch passed with JDK v1.8.0_91 +1 javac 5m 47s the patch passed +1 compile 6m 48s the patch passed with JDK v1.7.0_95 +1 javac 6m 48s the patch passed +1 checkstyle 0m 22s the patch passed +1 mvnsite 0m 55s the patch passed +1 mvneclipse 0m 14s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 xml 0m 0s The patch has no ill-formed XML file. +1 findbugs 1m 50s the patch passed +1 javadoc 0m 53s the patch passed with JDK v1.8.0_91 +1 javadoc 1m 8s the patch passed with JDK v1.7.0_95 +1 unit 7m 47s hadoop-common in the patch passed with JDK v1.8.0_91. +1 unit 8m 0s hadoop-common in the patch passed with JDK v1.7.0_95. +1 asflicense 0m 24s The patch does not generate ASF License warnings. 61m 9s Subsystem Report/Notes Docker Image:yetus/hadoop:cf2ee45 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12802409/HADOOP-12291.004.patch JIRA Issue HADOOP-12291 Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml uname Linux 4d827a4229e8 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / 72b0477 Default Java 1.7.0_95 Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_91 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95 findbugs v3.0.0 JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/9289/testReport/ modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9289/console Powered by Apache Yetus 0.3.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          ekundin Esther Kundin added a comment -

          Anu, thanks for the feedback. I've attached v4 with changes based on your comments.

          Show
          ekundin Esther Kundin added a comment - Anu, thanks for the feedback. I've attached v4 with changes based on your comments.
          Hide
          anu Anu Engineer added a comment -

          Thanks for the Patch v3 and taking care of all the issues.

          I have 2 minor comments on Patch v3.

          LdapGroupsMapping.java Line:76 Let us remove this old comment.

          or a limit of -1, it will traverse the entire tree, but
          this is not recommended as it will degrade performance.
          

          Since we decided not to support -1 and the code does not check for that, It might be safer to modify these three lines.

          LdapGroupsMapping.java Line 311

           getGroupNames(groupResult, groups, groupDNs, goUpHierarchy != 0); 

          as

           getGroupNames(groupResult, groups, groupDNs, goUpHierarchy > 0); 

          LdapGroupsMapping.java Line 313

           if (goUpHierarchy != 0)  

          as

           if (goUpHierarchy > 0) 

          LdapGroupsMapping.java Line 358

            if (goUpHierarchy == 0 || groups.isEmpty()) 

          as

            if (goUpHierarchy <= 0 || groups.isEmpty()) 

          This is to prevent the case where someone sets the a value of -1 in the config and we treat it as a positive value in code. This reinforces our assumption that this value is always positive.

          Show
          anu Anu Engineer added a comment - Thanks for the Patch v3 and taking care of all the issues. I have 2 minor comments on Patch v3. LdapGroupsMapping.java Line:76 Let us remove this old comment. or a limit of -1, it will traverse the entire tree, but this is not recommended as it will degrade performance. Since we decided not to support -1 and the code does not check for that, It might be safer to modify these three lines. LdapGroupsMapping.java Line 311 getGroupNames(groupResult, groups, groupDNs, goUpHierarchy != 0); as getGroupNames(groupResult, groups, groupDNs, goUpHierarchy > 0); LdapGroupsMapping.java Line 313 if (goUpHierarchy != 0) as if (goUpHierarchy > 0) LdapGroupsMapping.java Line 358 if (goUpHierarchy == 0 || groups.isEmpty()) as if (goUpHierarchy <= 0 || groups.isEmpty()) This is to prevent the case where someone sets the a value of -1 in the config and we treat it as a positive value in code. This reinforces our assumption that this value is always positive.
          Hide
          hadoopqa Hadoop QA added a comment -
          +1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 19s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 test4tests 0m 0s The patch appears to include 2 new or modified test files.
          +1 mvninstall 9m 29s trunk passed
          +1 compile 12m 33s trunk passed with JDK v1.8.0_92
          +1 compile 9m 39s trunk passed with JDK v1.7.0_95
          +1 checkstyle 0m 24s trunk passed
          +1 mvnsite 1m 18s trunk passed
          +1 mvneclipse 0m 17s trunk passed
          +1 findbugs 2m 0s trunk passed
          +1 javadoc 1m 29s trunk passed with JDK v1.8.0_92
          +1 javadoc 1m 33s trunk passed with JDK v1.7.0_95
          +1 mvninstall 1m 4s the patch passed
          +1 compile 12m 32s the patch passed with JDK v1.8.0_92
          +1 javac 12m 32s the patch passed
          +1 compile 9m 42s the patch passed with JDK v1.7.0_95
          +1 javac 9m 42s the patch passed
          +1 checkstyle 0m 27s the patch passed
          +1 mvnsite 1m 7s the patch passed
          +1 mvneclipse 0m 15s the patch passed
          +1 whitespace 0m 0s The patch has no whitespace issues.
          +1 xml 0m 1s The patch has no ill-formed XML file.
          +1 findbugs 2m 7s the patch passed
          +1 javadoc 1m 6s the patch passed with JDK v1.8.0_92
          +1 javadoc 1m 8s the patch passed with JDK v1.7.0_95
          +1 unit 10m 30s hadoop-common in the patch passed with JDK v1.8.0_92.
          +1 unit 9m 49s hadoop-common in the patch passed with JDK v1.7.0_95.
          +1 asflicense 0m 22s The patch does not generate ASF License warnings.
          90m 33s



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:cf2ee45
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12802016/HADOOP-12291.003.patch
          JIRA Issue HADOOP-12291
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml
          uname Linux 6fe9a702ed30 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / c6b4839
          Default Java 1.7.0_95
          Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_92 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95
          findbugs v3.0.0
          JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/9265/testReport/
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9265/console
          Powered by Apache Yetus 0.3.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - +1 overall Vote Subsystem Runtime Comment 0 reexec 0m 19s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 2 new or modified test files. +1 mvninstall 9m 29s trunk passed +1 compile 12m 33s trunk passed with JDK v1.8.0_92 +1 compile 9m 39s trunk passed with JDK v1.7.0_95 +1 checkstyle 0m 24s trunk passed +1 mvnsite 1m 18s trunk passed +1 mvneclipse 0m 17s trunk passed +1 findbugs 2m 0s trunk passed +1 javadoc 1m 29s trunk passed with JDK v1.8.0_92 +1 javadoc 1m 33s trunk passed with JDK v1.7.0_95 +1 mvninstall 1m 4s the patch passed +1 compile 12m 32s the patch passed with JDK v1.8.0_92 +1 javac 12m 32s the patch passed +1 compile 9m 42s the patch passed with JDK v1.7.0_95 +1 javac 9m 42s the patch passed +1 checkstyle 0m 27s the patch passed +1 mvnsite 1m 7s the patch passed +1 mvneclipse 0m 15s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 xml 0m 1s The patch has no ill-formed XML file. +1 findbugs 2m 7s the patch passed +1 javadoc 1m 6s the patch passed with JDK v1.8.0_92 +1 javadoc 1m 8s the patch passed with JDK v1.7.0_95 +1 unit 10m 30s hadoop-common in the patch passed with JDK v1.8.0_92. +1 unit 9m 49s hadoop-common in the patch passed with JDK v1.7.0_95. +1 asflicense 0m 22s The patch does not generate ASF License warnings. 90m 33s Subsystem Report/Notes Docker Image:yetus/hadoop:cf2ee45 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12802016/HADOOP-12291.003.patch JIRA Issue HADOOP-12291 Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml uname Linux 6fe9a702ed30 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / c6b4839 Default Java 1.7.0_95 Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_92 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95 findbugs v3.0.0 JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/9265/testReport/ modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9265/console Powered by Apache Yetus 0.3.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          ekundin Esther Kundin added a comment -

          Ok, I see your point. I will make the changes suggested and upload a new patch.

          Show
          ekundin Esther Kundin added a comment - Ok, I see your point. I will make the changes suggested and upload a new patch.
          Hide
          anu Anu Engineer added a comment -

          The thought behind leaving the option of using -1 was that some companies may have a deeply nested structure and do not mind the the cost of the lookups.

          I do see the use case, but I am more worried that someone will have a slow LDAP/AD server and will cause a general slowdown of Namenode.

          Also another issue that I see is that with infinite recursion we really have no control over time out, based on this patch, time out is per query. So in the infinite recursion scheme the time is number of times you recur multiplied by time out. At that point timeOut really has no meaning. As you pointed out, in the current scheme it is 2 * timeOut. In your new scheme it will be max(Recur Depth, Configured Value) * timeOut. But in the infinite scheme, it is N * timeout where N is dependent on some values in AD.

          I am worried that support cost for such a feature would be too high, Also if we really need it, we know that with your patch it is an easy change to make.

          The DIRECTORY_SEARCH_TIMEOUT is a timeout set for each LDAP query.

          That works very well since we know the MAX_UPPER bound for the query. So max time is maxDepth * time out. Would you care to document that with your settings?

          I do not think you can make less LDAP queries.

          Thank you, good to know.

          I am looking forward to your next patch.

          Show
          anu Anu Engineer added a comment - The thought behind leaving the option of using -1 was that some companies may have a deeply nested structure and do not mind the the cost of the lookups. I do see the use case, but I am more worried that someone will have a slow LDAP/AD server and will cause a general slowdown of Namenode. Also another issue that I see is that with infinite recursion we really have no control over time out, based on this patch, time out is per query. So in the infinite recursion scheme the time is number of times you recur multiplied by time out. At that point timeOut really has no meaning. As you pointed out, in the current scheme it is 2 * timeOut . In your new scheme it will be max(Recur Depth, Configured Value) * timeOut . But in the infinite scheme, it is N * timeout where N is dependent on some values in AD. I am worried that support cost for such a feature would be too high, Also if we really need it, we know that with your patch it is an easy change to make. The DIRECTORY_SEARCH_TIMEOUT is a timeout set for each LDAP query. That works very well since we know the MAX_UPPER bound for the query. So max time is maxDepth * time out. Would you care to document that with your settings? I do not think you can make less LDAP queries. Thank you, good to know. I am looking forward to your next patch.
          Hide
          ekundin Esther Kundin added a comment -

          Thank you for the comments. I am working on some of the fixes.

          The thought behind leaving the option of using -1 was that some companies may have a deeply nested structure and do not mind the the cost of the lookups. We thought this would be the most flexible way of building the solution, and as the default is set appropriately, most people would not be impacted in any case. Do you feel strongly that the -1 option for infinite recursion should be removed?

          For your point 2, The DIRECTORY_SEARCH_TIMEOUT is a timeout set for each LDAP query. We are not changing the semantics of the current code, as it currently does 2 calls - one for the user and one for the group - and each of those calls will have the full timeout set. We are raising the number of calls, but the semantics are still the same, with the timeout being on a per-call basis.

          For your point 7, I do not think you can make less LDAP queries. You will always need at least one, in order to leave the original group lookup and the if check will take care of subsequent calls. I can add an extra check right at the start of goUpGroupHierarchy. This will prevent an extra query if the function is called incorrectly.

          Show
          ekundin Esther Kundin added a comment - Thank you for the comments. I am working on some of the fixes. The thought behind leaving the option of using -1 was that some companies may have a deeply nested structure and do not mind the the cost of the lookups. We thought this would be the most flexible way of building the solution, and as the default is set appropriately, most people would not be impacted in any case. Do you feel strongly that the -1 option for infinite recursion should be removed? For your point 2, The DIRECTORY_SEARCH_TIMEOUT is a timeout set for each LDAP query. We are not changing the semantics of the current code, as it currently does 2 calls - one for the user and one for the group - and each of those calls will have the full timeout set. We are raising the number of calls, but the semantics are still the same, with the timeout being on a per-call basis. For your point 7, I do not think you can make less LDAP queries. You will always need at least one, in order to leave the original group lookup and the if check will take care of subsequent calls. I can add an extra check right at the start of goUpGroupHierarchy. This will prevent an extra query if the function is called incorrectly.
          Hide
          anu Anu Engineer added a comment -

          Esther Kundin Thank you very much for providing this patch and taking care of most
          jenkins issues in patch 2. I have some minor comments on Patch 2.

          1. Do we need -1 at all? In most cases it will not work and really depends on the
            size of directory we are operating against. Since we know that it is not going to
            work or too slow in most cases, why support it ? My worry is that this will be used by
            some customer and will create very slow clusters. Can we please reduce this to positive key depth only ?
          2. what would be the impact of DIRECTORY_SEARCH_TIMEOUT
            with a positive depth? Does it bail after the time out seconds or does it measure
            timeout independently for each recursive query? if so, could you please define
            what is the right semantics here?
          3. In LdapGroupsMapping.java:line 312 : We add the groups to a list for all queries, but this is needed if the goUpHierarchy is != 0. Would you please add an if check? This is just to make sure that this code change does not change the memory usage if this feature is not enabled.
          4. In LdapGroupsMapping#goUpGroupHierarchy
            nitpick: can we please remove the reference to the JIRA number? "for HADOOP-12291", when we commit this patch, we will refer to it. So it may not be needed in comments
          5. nitpick: do you want to rewrite this to be
                int nextLevel = 0;
                if (goUpHierarchy == -1) {
                  nextLevel = -1;
                }
                else {
                  nextLevel = goUpHierarchy -1;
                }
                

            into

               int nextLevel = (goUpHierarchy == -1) ? -1: goUpHierarchy -1;
               

            Plus , Can you please define -1 as const like INFINITE_RECURSE = -1, so that code reading is easier ? or better just remove this INIFITE_RECURSE capability completely from code ?

          6. nitpick : would you like to pull this out as a function ?
              while (groupResults.hasMoreElements()) {
                      SearchResult groupResult = groupResults.nextElement();
                      Attribute groupName = groupResult.getAttributes().get(groupNameAttr);
                      groups.add(groupName.get().toString());
                      groupDNs.add(groupResult.getNameInNamespace());
                    }
               
          7. Do you think we should check for the goUpHierarchy == 0 before doing a LDAP query since queries are generally expensive. I may be mistaken but I think you can optimize away one query call if you check for the value little earlier.
          8. nitpick : Please feel free to ignore this. But we seem to be mixing StringBuilder.append and String Concat. If we are using StringBuilder could we possible use appends all along instead of creating an unnecessary string. I know that this is the style used in this file and you are just following it, thought I would flag it for your consideration.
            filter.append("(&" + groupSearchFilter + "(|");
            
          9. In TestLadpGroupMapping, Can you please use conf.setInt(LdapGroupsMapping.GROUP_HIERARCHY_LEVELS_KEY,1); instead of conf.set(LdapGroupsMapping.GROUP_HIERARCHY_LEVELS_KEY, "1");
          10. In the next patch would you please take care of this last checkstyle warning:
            ./hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java:368: }:5: '}' should be on the same line.
          Show
          anu Anu Engineer added a comment - Esther Kundin Thank you very much for providing this patch and taking care of most jenkins issues in patch 2. I have some minor comments on Patch 2. Do we need -1 at all? In most cases it will not work and really depends on the size of directory we are operating against. Since we know that it is not going to work or too slow in most cases, why support it ? My worry is that this will be used by some customer and will create very slow clusters. Can we please reduce this to positive key depth only ? what would be the impact of DIRECTORY_SEARCH_TIMEOUT with a positive depth? Does it bail after the time out seconds or does it measure timeout independently for each recursive query? if so, could you please define what is the right semantics here? In LdapGroupsMapping.java:line 312 : We add the groups to a list for all queries, but this is needed if the goUpHierarchy is != 0. Would you please add an if check? This is just to make sure that this code change does not change the memory usage if this feature is not enabled. In LdapGroupsMapping#goUpGroupHierarchy nitpick: can we please remove the reference to the JIRA number? "for HADOOP-12291 ", when we commit this patch, we will refer to it. So it may not be needed in comments nitpick: do you want to rewrite this to be int nextLevel = 0; if (goUpHierarchy == -1) { nextLevel = -1; } else { nextLevel = goUpHierarchy -1; } into int nextLevel = (goUpHierarchy == -1) ? -1: goUpHierarchy -1; Plus , Can you please define -1 as const like INFINITE_RECURSE = -1, so that code reading is easier ? or better just remove this INIFITE_RECURSE capability completely from code ? nitpick : would you like to pull this out as a function ? while (groupResults.hasMoreElements()) { SearchResult groupResult = groupResults.nextElement(); Attribute groupName = groupResult.getAttributes().get(groupNameAttr); groups.add(groupName.get().toString()); groupDNs.add(groupResult.getNameInNamespace()); } Do you think we should check for the goUpHierarchy == 0 before doing a LDAP query since queries are generally expensive. I may be mistaken but I think you can optimize away one query call if you check for the value little earlier. nitpick : Please feel free to ignore this. But we seem to be mixing StringBuilder.append and String Concat. If we are using StringBuilder could we possible use appends all along instead of creating an unnecessary string. I know that this is the style used in this file and you are just following it, thought I would flag it for your consideration. filter.append( "(&" + groupSearchFilter + "(|" ); In TestLadpGroupMapping, Can you please use conf.setInt(LdapGroupsMapping.GROUP_HIERARCHY_LEVELS_KEY,1); instead of conf.set(LdapGroupsMapping.GROUP_HIERARCHY_LEVELS_KEY, "1"); In the next patch would you please take care of this last checkstyle warning: ./hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java:368: }:5: '}' should be on the same line.
          Hide
          ekundin Esther Kundin added a comment -

          Submitted patch version 002

          Show
          ekundin Esther Kundin added a comment - Submitted patch version 002
          Hide
          ekundin Esther Kundin added a comment -

          Working on a fix.

          Show
          ekundin Esther Kundin added a comment - Working on a fix.
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 10s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 test4tests 0m 0s The patch appears to include 2 new or modified test files.
          +1 mvninstall 6m 29s trunk passed
          +1 compile 5m 39s trunk passed with JDK v1.8.0_77
          +1 compile 6m 42s trunk passed with JDK v1.7.0_95
          +1 checkstyle 0m 21s trunk passed
          +1 mvnsite 0m 57s trunk passed
          +1 mvneclipse 0m 14s trunk passed
          +1 findbugs 1m 37s trunk passed
          +1 javadoc 1m 1s trunk passed with JDK v1.8.0_77
          +1 javadoc 1m 6s trunk passed with JDK v1.7.0_95
          +1 mvninstall 0m 41s the patch passed
          +1 compile 7m 9s the patch passed with JDK v1.8.0_77
          +1 javac 7m 9s the patch passed
          +1 compile 6m 39s the patch passed with JDK v1.7.0_95
          +1 javac 6m 39s the patch passed
          -1 checkstyle 0m 21s hadoop-common-project/hadoop-common: patch generated 9 new + 34 unchanged - 0 fixed = 43 total (was 34)
          +1 mvnsite 0m 56s the patch passed
          +1 mvneclipse 0m 13s the patch passed
          -1 whitespace 0m 0s The patch has 16 line(s) that end in whitespace. Use git apply --whitespace=fix.
          +1 xml 0m 1s The patch has no ill-formed XML file.
          +1 findbugs 1m 47s the patch passed
          +1 javadoc 0m 52s the patch passed with JDK v1.8.0_77
          +1 javadoc 1m 6s the patch passed with JDK v1.7.0_95
          -1 unit 7m 38s hadoop-common in the patch failed with JDK v1.8.0_77.
          +1 unit 8m 18s hadoop-common in the patch passed with JDK v1.7.0_95.
          +1 asflicense 0m 21s Patch does not generate ASF License warnings.
          61m 27s



          Reason Tests
          JDK v1.8.0_77 Failed junit tests hadoop.security.ssl.TestReloadingX509TrustManager



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:fbe3e86
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12800060/HADOOP-12291.001.patch
          JIRA Issue HADOOP-12291
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml
          uname Linux c359d2b83308 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / a749ba0
          Default Java 1.7.0_95
          Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_77 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95
          findbugs v3.0.0
          checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/9146/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-common.txt
          whitespace https://builds.apache.org/job/PreCommit-HADOOP-Build/9146/artifact/patchprocess/whitespace-eol.txt
          unit https://builds.apache.org/job/PreCommit-HADOOP-Build/9146/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_77.txt
          unit test logs https://builds.apache.org/job/PreCommit-HADOOP-Build/9146/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_77.txt
          JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/9146/testReport/
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9146/console
          Powered by Apache Yetus 0.2.0 http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 10s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 2 new or modified test files. +1 mvninstall 6m 29s trunk passed +1 compile 5m 39s trunk passed with JDK v1.8.0_77 +1 compile 6m 42s trunk passed with JDK v1.7.0_95 +1 checkstyle 0m 21s trunk passed +1 mvnsite 0m 57s trunk passed +1 mvneclipse 0m 14s trunk passed +1 findbugs 1m 37s trunk passed +1 javadoc 1m 1s trunk passed with JDK v1.8.0_77 +1 javadoc 1m 6s trunk passed with JDK v1.7.0_95 +1 mvninstall 0m 41s the patch passed +1 compile 7m 9s the patch passed with JDK v1.8.0_77 +1 javac 7m 9s the patch passed +1 compile 6m 39s the patch passed with JDK v1.7.0_95 +1 javac 6m 39s the patch passed -1 checkstyle 0m 21s hadoop-common-project/hadoop-common: patch generated 9 new + 34 unchanged - 0 fixed = 43 total (was 34) +1 mvnsite 0m 56s the patch passed +1 mvneclipse 0m 13s the patch passed -1 whitespace 0m 0s The patch has 16 line(s) that end in whitespace. Use git apply --whitespace=fix. +1 xml 0m 1s The patch has no ill-formed XML file. +1 findbugs 1m 47s the patch passed +1 javadoc 0m 52s the patch passed with JDK v1.8.0_77 +1 javadoc 1m 6s the patch passed with JDK v1.7.0_95 -1 unit 7m 38s hadoop-common in the patch failed with JDK v1.8.0_77. +1 unit 8m 18s hadoop-common in the patch passed with JDK v1.7.0_95. +1 asflicense 0m 21s Patch does not generate ASF License warnings. 61m 27s Reason Tests JDK v1.8.0_77 Failed junit tests hadoop.security.ssl.TestReloadingX509TrustManager Subsystem Report/Notes Docker Image:yetus/hadoop:fbe3e86 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12800060/HADOOP-12291.001.patch JIRA Issue HADOOP-12291 Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml uname Linux c359d2b83308 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / a749ba0 Default Java 1.7.0_95 Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_77 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95 findbugs v3.0.0 checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/9146/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-common.txt whitespace https://builds.apache.org/job/PreCommit-HADOOP-Build/9146/artifact/patchprocess/whitespace-eol.txt unit https://builds.apache.org/job/PreCommit-HADOOP-Build/9146/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_77.txt unit test logs https://builds.apache.org/job/PreCommit-HADOOP-Build/9146/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_77.txt JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/9146/testReport/ modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/9146/console Powered by Apache Yetus 0.2.0 http://yetus.apache.org This message was automatically generated.
          Hide
          aw Allen Wittenauer added a comment -

          Let's be clear: ShellBasedUnixGroupsMapping does whatever the OS supports. It's really SSSD that is doing any cascading; POSIX standards dictate that /etc/group is not nested. So on platforms that aren't using SSSD/abiding by standards, ShellBasedUnixGroupsMapping does not cascade.

          We need to be very careful how we implement this feature. In many organizations, ou=group is not cascaded due to using posixGroup objects. We need to specifically look for groupOfNames.

          Show
          aw Allen Wittenauer added a comment - Let's be clear: ShellBasedUnixGroupsMapping does whatever the OS supports. It's really SSSD that is doing any cascading; POSIX standards dictate that /etc/group is not nested. So on platforms that aren't using SSSD/abiding by standards, ShellBasedUnixGroupsMapping does not cascade. We need to be very careful how we implement this feature. In many organizations, ou=group is not cascaded due to using posixGroup objects. We need to specifically look for groupOfNames.
          Hide
          airbots Chen He added a comment -

          +1 for the idea.

          Show
          airbots Chen He added a comment - +1 for the idea.

            People

            • Assignee:
              ekundin Esther Kundin
              Reporter:
              ggop Gautam Gopalakrishnan
            • Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development