HADOOP-13102. Update GroupsMapping documentation to reflect the new changes. Contributed by Esther Kundin.

(cherry picked from commit 075358eb6f)
This commit is contained in:
Anu Engineer 2017-10-11 15:58:20 -07:00
parent fb8bd4d2d7
commit 5933068e70
1 changed files with 3 additions and 2 deletions

View File

@ -85,9 +85,10 @@ This file should be readable only by the Unix user running the daemons.
It is possible to set a maximum time limit when searching and awaiting a result. It is possible to set a maximum time limit when searching and awaiting a result.
Set `hadoop.security.group.mapping.ldap.directory.search.timeout` to 0 if infinite wait period is desired. Default is 10,000 milliseconds (10 seconds). Set `hadoop.security.group.mapping.ldap.directory.search.timeout` to 0 if infinite wait period is desired. Default is 10,000 milliseconds (10 seconds).
This is the limit for each ldap query. If `hadoop.security.group.mapping.ldap.search.group.hierarchy.levels` is set to a positive value, then the total latency will be bounded by max(Recur Depth in LDAP, `hadoop.security.group.mapping.ldap.search.group.hierarchy.levels` ) * `hadoop.security.group.mapping.ldap.directory.search.timeout`.
The implementation does not attempt to resolve group hierarchies. Therefore, a user must be an explicit member of a group object `hadoop.security.group.mapping.ldap.base` configures how far to walk up the groups hierarchy when resolving groups.
in order to be considered a member. By default, with a limit of 0, in order to be considered a member of a group, the user must be an explicit member in LDAP. Otherwise, it will traverse the group hierarchy `hadoop.security.group.mapping.ldap.search.group.hierarchy.levels` levels up.
### Active Directory ### ### Active Directory ###