[ https://issues.apache.org/jira/browse/HADOOP-12291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14649326#comment-14649326 ]
Allen Wittenauer commented on HADOOP-12291:
-------------------------------------------
Let's be clear: ShellBasedUnixGroupsMapping does whatever the OS supports.
It's really SSSD that is doing any cascading; POSIX standards dictate that
/etc/group is *not* nested. So on platforms that aren't using SSSD/abiding by
standards, ShellBasedUnixGroupsMapping does not cascade.
We need to be *very* careful how we implement this feature. In many
organizations, ou=group is not cascaded due to using posixGroup objects. We
need to specifically look for groupOfNames.
> Add support for nested groups in LdapGroupsMapping
> --------------------------------------------------
>
> Key: HADOOP-12291
> URL: https://issues.apache.org/jira/browse/HADOOP-12291
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Gautam Gopalakrishnan
>
> When using {{LdapGroupsMapping}} with Hadoop, nested groups are not
> supported. So for example if user {{jdoe}} is part of group A which is a
> member of group B, the group mapping currently returns only group A.
> Currently this facility is available with {{ShellBasedUnixGroupsMapping}} and
> SSSD (or similar tools) but would be good to have this feature as part of
> {{LdapGroupsMapping}} directly.
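
An illustration of the distinction drawn in the comment above, added here and not taken from the JIRA thread or from Hadoop's code: group resolution that cascades only through groupOfNames entries and treats posixGroup as flat, with cycle and depth handling. The in-memory directory, the DNs and the function names are constructed assumptions, and DNs are compared as exact strings.

```python
from collections import deque

BASE = "dc=example,dc=com"  # constructed base DN

def group_dn(cn): return f"cn={cn},ou=groups,{BASE}"
def user_dn(uid): return f"uid={uid},ou=people,{BASE}"
def cn_of(dn): return dn.split(",", 1)[0].split("=", 1)[1]

# Constructed sample directory (DN -> attributes), not from a real deployment.
DIRECTORY = {
    # jdoe is in group a, which is a member of group b (the case in the issue).
    group_dn("a"): {"objectClass": "groupOfNames", "member": [user_dn("jdoe")]},
    group_dn("b"): {"objectClass": "groupOfNames",
                    "member": [group_dn("a"), group_dn("c")]},
    # b and c contain each other: a membership cycle the walk must survive.
    group_dn("c"): {"objectClass": "groupOfNames", "member": [group_dn("b")]},
    group_dn("staff"): {"objectClass": "posixGroup", "memberUid": ["jdoe"]},
    # memberUid holds uid strings; "a" here is a uid, not a reference to group a.
    group_dn("wheel"): {"objectClass": "posixGroup", "memberUid": ["a"]},
}

def direct_groups(directory, uid):
    """Groups that list the user directly: memberUid for posixGroup, member DN for groupOfNames."""
    dn, found = user_dn(uid), set()
    for gdn, entry in directory.items():
        if entry["objectClass"] == "posixGroup" and uid in entry.get("memberUid", []):
            found.add(gdn)
        elif entry["objectClass"] == "groupOfNames" and dn in entry.get("member", []):
            found.add(gdn)
    return found

def resolve_groups(directory, uid, max_depth=10):
    """Direct groups plus parents reached only through groupOfNames 'member' DNs."""
    seen = direct_groups(directory, uid)
    queue = deque((g, 0) for g in seen)
    while queue:
        child, depth = queue.popleft()
        if depth >= max_depth:          # bound the walk even without cycles
            continue
        for gdn, entry in directory.items():
            if entry["objectClass"] != "groupOfNames":
                continue                # posixGroup never cascades
            if child in entry.get("member", []) and gdn not in seen:
                seen.add(gdn)           # 'seen' also breaks the b <-> c cycle
                queue.append((gdn, depth + 1))
    return {cn_of(g) for g in seen}
```

Matching nested members by DN rather than by name is what keeps `wheel` out of the result: a name-based match would treat the uid string `a` as group `a` and hand its members an extra group.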