[
https://issues.apache.org/jira/browse/HADOOP-16125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16772336#comment-16772336
]
Íñigo Goiri commented on HADOOP-16125:
--------------------------------------
As referred in the description, if we have a single user and we are changing
the password, there will be a time (while the new secret is getting propagated)
that auth will fail.
A common solution for this is to have two users and change one at a time.
This change will enable this approach.
Regarding [^HADOOP-16125.001.patch], LGTM.
The refactor for the user/password makes LdapGroupsMapping cleaner too.
Let's see what Yetus says.
> Support multiple bind users in LdapGroupsMapping
> ------------------------------------------------
>
> Key: HADOOP-16125
> URL: https://issues.apache.org/jira/browse/HADOOP-16125
> Project: Hadoop Common
> Issue Type: New Feature
> Components: common, security
> Reporter: Lukas Majercak
> Assignee: Lukas Majercak
> Priority: Major
> Attachments: HADOOP-16125.001.patch, HADOOP-16125.002.patch
>
>
> Currently, LdapGroupsMapping supports only a single user to bind to when
> connecting to LDAP. This can be problematic if such user's password needs to
> be reset.
> The proposal is to support multiple such users and switch between them if
> necessary, more info in GroupsMapping.md / core-default.xml in the patches.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
