diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index bb6d12465ac..65226063e14 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -956,6 +956,9 @@ Release 2.8.0 - UNRELEASED HADOOP-12562. Make hadoop dockerfile usable by Yetus. (Allen Wittenauer via wheat9) + HADOOP-12568. Update core-default.xml to describe posixGroups support. + (Wei-Chiu Chuang via aajisaka) + OPTIMIZATIONS HADOOP-11785. Reduce the number of listStatus operation in distcp diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml index 1bdfe4a5ac8..c1a2946153d 100644 --- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml +++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml @@ -314,6 +314,11 @@ for ldap providers in the same way as above does. an LDAP server with a non-AD schema, this should be replaced with (&(objectClass=inetOrgPerson)(uid={0}). {0} is a special string used to denote where the username fits into the filter. + + If the LDAP server supports posixGroups, Hadoop can enable the feature by + setting the value of this property to "posixAccount" and the value of + the hadoop.security.group.mapping.ldap.search.filter.group property to + "posixGroup". @@ -323,7 +328,9 @@ for ldap providers in the same way as above does. An additional filter to use when searching for LDAP groups. This should be changed when resolving groups against a non-Active Directory installation. - posixGroups are currently not a supported group class. + + See the description of hadoop.security.group.mapping.ldap.search.filter.user + to enable posixGroups support.