Discussed with Natty about LdapGroupMapping, we need to improve it so that:
1. It's possible to do different group mapping for different users/principals. For example, AD user should go to LdapGroupMapping service for group, but service principals such as hdfs, mapred can still use the default one ShellBasedUnixGroupsMapping;
2. Multiple ADs can be supported to do LdapGroupMapping;
3. It's possible to configure what kind of users/principals (regarding domain/realm is an option) should use which group mapping service/mechanism.
4. It's possible to configure and combine multiple existing mapping providers without writing codes implementing new one.