@InterfaceAudience.LimitedPrivate(value={"HDFS","MapReduce"})
@InterfaceStability.Evolving
public class LdapGroupsMapping
extends Object
implements GroupMappingServiceProvider, Configurable

An implementation of GroupMappingServiceProvider which connects directly
to an LDAP server for determining group membership.

This provider should be used only if it is necessary to map users to
groups that reside exclusively in an Active Directory or LDAP installation.
The common case for a Hadoop installation will be that LDAP users and groups
are materialized on the Unix servers, and for an installation like that,
ShellBasedUnixGroupsMapping is preferred. However, in cases where
those users and groups aren't materialized in Unix, but need to be used for
access control, this class may be used to communicate directly with the LDAP
server.

It is important to note that resolving group mappings will incur network
traffic, and may cause degraded performance, although user-group mappings
will be cached via the infrastructure provided by Groups.

This implementation does not support configurable search limits. If a filter
is used for searching users or groups which returns more results than are
allowed by the server, an exception will be thrown.
The implementation also does not attempt to resolve group hierarchies. In
order to be considered a member of a group, the user must be an explicit
member in LDAP.

| Constructor and Description |
|---|
| LdapGroupsMapping() |

| Modifier and Type | Method and Description |
|---|---|
| void | cacheGroupsAdd(List<String> groups): Adds groups to cache, no need to do that for this provider |
| void | cacheGroupsRefresh(): Caches groups, no need to do that for this provider |
| Configuration | getConf(): Return the configuration used by this object. |
| List<String> | getGroups(String user): Returns list of groups for a user. |
| void | setConf(Configuration conf): Set the configuration to be used by this object. |

public static final String LDAP_CONFIG_PREFIX
public static final String LDAP_URL_KEY
public static final String LDAP_URL_DEFAULT
public static final String LDAP_USE_SSL_KEY
public static final Boolean LDAP_USE_SSL_DEFAULT
public static final String LDAP_KEYSTORE_KEY
public static final String LDAP_KEYSTORE_DEFAULT
public static final String LDAP_KEYSTORE_PASSWORD_KEY
public static final String LDAP_KEYSTORE_PASSWORD_DEFAULT
public static final String LDAP_KEYSTORE_PASSWORD_FILE_KEY
public static final String LDAP_KEYSTORE_PASSWORD_FILE_DEFAULT
public static final String BIND_USER_KEY
public static final String BIND_USER_DEFAULT
public static final String BIND_PASSWORD_KEY
public static final String BIND_PASSWORD_DEFAULT
public static final String BIND_PASSWORD_FILE_KEY
public static final String BIND_PASSWORD_FILE_DEFAULT
public static final String BASE_DN_KEY
public static final String BASE_DN_DEFAULT
public static final String USER_SEARCH_FILTER_KEY
public static final String USER_SEARCH_FILTER_DEFAULT
public static final String GROUP_SEARCH_FILTER_KEY
public static final String GROUP_SEARCH_FILTER_DEFAULT
public static final String GROUP_MEMBERSHIP_ATTR_KEY
public static final String GROUP_MEMBERSHIP_ATTR_DEFAULT
public static final String GROUP_NAME_ATTR_KEY
public static final String GROUP_NAME_ATTR_DEFAULT
public static final String DIRECTORY_SEARCH_TIMEOUT
public static final int DIRECTORY_SEARCH_TIMEOUT_DEFAULT
public static int RECONNECT_RETRY_COUNT
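
A configuration check built on the constants listed above, as an added example that is not part of the Hadoop code base: it flags an unencrypted LDAP connection and inline bind or keystore passwords before the Configuration is handed to setConf. The class name LdapGroupsMappingAudit, the host, DN and file path are constructed placeholders, and treating inline passwords as findings is this example's own policy assumption.

```java
import java.util.ArrayList;
import java.util.List;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.LdapGroupsMapping;

/** Added example (not Hadoop code): flags risky LdapGroupsMapping settings. */
public class LdapGroupsMappingAudit {

  /** True when the key holds a non-empty value. */
  static boolean isSet(Configuration conf, String key) {
    return !conf.get(key, "").trim().isEmpty();
  }

  /** Returns one finding per risky setting; empty means nothing was flagged. */
  static List<String> audit(Configuration conf) {
    List<String> findings = new ArrayList<String>();
    String url = conf.get(LdapGroupsMapping.LDAP_URL_KEY, "").trim();
    boolean ssl = conf.getBoolean(LdapGroupsMapping.LDAP_USE_SSL_KEY, false);
    // Policy assumption: the bind and the lookups must not travel in clear text.
    if (!ssl && !url.regionMatches(true, 0, "ldaps://", 0, 8)) {
      findings.add("LDAP connection is not protected by SSL");
    }
    // Inline secrets sit in the site configuration, which is often widely readable.
    if (isSet(conf, LdapGroupsMapping.BIND_PASSWORD_KEY)) {
      findings.add("bind password is inline; use BIND_PASSWORD_FILE_KEY");
    }
    if (isSet(conf, LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY)) {
      findings.add("keystore password is inline; use LDAP_KEYSTORE_PASSWORD_FILE_KEY");
    }
    return findings;
  }

  public static void main(String[] args) {
    // Constructed sample values; host, DN and path are placeholders.
    Configuration weak = new Configuration(false);
    weak.set(LdapGroupsMapping.LDAP_URL_KEY, "ldap://ldap.example.com:389");
    weak.set(LdapGroupsMapping.BIND_USER_KEY, "cn=hadoop,dc=example,dc=com");
    weak.set(LdapGroupsMapping.BIND_PASSWORD_KEY, "constructed-secret");

    Configuration hardened = new Configuration(false);
    hardened.set(LdapGroupsMapping.LDAP_URL_KEY, "ldaps://ldap.example.com:636");
    hardened.setBoolean(LdapGroupsMapping.LDAP_USE_SSL_KEY, true);
    hardened.set(LdapGroupsMapping.BIND_USER_KEY, "cn=hadoop,dc=example,dc=com");
    hardened.set(LdapGroupsMapping.BIND_PASSWORD_FILE_KEY, "/etc/hadoop/conf/ldap-bind.pw");

    System.out.println("weak:     " + audit(weak));
    System.out.println("hardened: " + audit(hardened));
  }
}
```

The audit only reads the Configuration, so it runs without an LDAP server; the weak sample yields two findings and the hardened one yields none.
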
public List<String> getGroups(String user) throws IOException
Specified by: getGroups in interface GroupMappingServiceProvider
Parameters: user - get groups for this user
Throws: IOException

public void cacheGroupsRefresh() throws IOException
Specified by: cacheGroupsRefresh in interface GroupMappingServiceProvider
Throws: IOException

public void cacheGroupsAdd(List<String> groups) throws IOException
Specified by: cacheGroupsAdd in interface GroupMappingServiceProvider
Parameters: groups - unused
Throws: IOException

public Configuration getConf()
Specified by: getConf in interface Configurable

public void setConf(Configuration conf)
Specified by: setConf in interface Configurable

Copyright © 2013 Apache Software Foundation. All rights reserved.