It is easy to manage user accounts using LDAP. by adding support for LDAP, proxy can do IP authorization in a headless fashion.
when a user send a request, proxy extract IP address and request PathInfo from the request. then it searches the LDAP server to get the allowed HDFS root paths given the IP address. Proxy will match the user request PathInfo with the allowed HDFS root path, return 403 if it could not find a match.