Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Won't Fix
-
None
-
None
-
None
-
None
Description
In a typical configuration, group name is obtained from AD through SSSD/LDAP. AD permits group names with space (e.g. "Domain Users").
Unfortunately, the present implementation of ShellBasedUnixGroupMapping parses the output of shell command "id -Gn", and assumes group names are separated by space.
This could be achieved by using a combination of shell scripts, for example,
bash -c 'id -G weichiu | tr " " "\n" | xargs -I % getent group "%" | cut -d":" -f1'
But I am still looking for a more compact form, and potentially more efficient one.
Attachments
Issue Links
- Dependent
-
HADOOP-12468 Partial group resolution failure should not result in user lockout
- Resolved