Hadoop >> mail # user >> Could we use the same identity store for user groups mapping in MIT Kerberos + OpenLDAP setup


Zheng, Kai 2013-06-28, 23:29
Re: Could we use the same identity store for user groups mapping in MIT Kerberos + OpenLDAP setup
You can try whosso, which is simpler than Kerberos.

--Sent from my Sony mobile.
On Jun 29, 2013 7:29 AM, "Zheng, Kai" <[EMAIL PROTECTED]> wrote:

> Hi all,
>
> I have a setup using MIT Kerberos with OpenLDAP as the user database. It’s
> desired to use the same user database that holds all the kinit principal
> accounts for the identity store to be used for groups mapping provider via
> LdapGroupsMappingProvider. However, I found there’re 3 issues:
>
> 1. For Kerberos principal object, there’s no appropriate
> attribute to determine the short name. As you know Hadoop uses short name
> in ACL rules.
>
> 2. We know how to add a principal for user account, but how to
> add a group so that it allows to do ACL via group?
>
> 3. Related to 2, no attribute for Kerberos principal object is
> found that can be used to determine the user’s groups.
>
> I’m wondering if there’s something wrong in my setup. Any extra LDAP
> schema could be applied to allow all of these?
>
> I think this case might not be supported but it makes sense in such setup
> to ease the deployment. Of course AD can be used for such consideration,
> but we might face existing deployment that uses MIT Kerberos and OpenLDAP.
>
> Thanks for your help.
>
> Regarding,
>
> Kai