HADOOP-13102. Update GroupsMapping documentation to reflect the new changes. Contributed by Esther Kundin.
(cherry picked from commit 075358eb6f
)
This commit is contained in:
parent
fb8bd4d2d7
commit
5933068e70
|
@ -85,9 +85,10 @@ This file should be readable only by the Unix user running the daemons.
|
||||||
|
|
||||||
It is possible to set a maximum time limit when searching and awaiting a result.
|
It is possible to set a maximum time limit when searching and awaiting a result.
|
||||||
Set `hadoop.security.group.mapping.ldap.directory.search.timeout` to 0 if infinite wait period is desired. Default is 10,000 milliseconds (10 seconds).
|
Set `hadoop.security.group.mapping.ldap.directory.search.timeout` to 0 if infinite wait period is desired. Default is 10,000 milliseconds (10 seconds).
|
||||||
|
This is the limit for each ldap query. If `hadoop.security.group.mapping.ldap.search.group.hierarchy.levels` is set to a positive value, then the total latency will be bounded by max(Recur Depth in LDAP, `hadoop.security.group.mapping.ldap.search.group.hierarchy.levels` ) * `hadoop.security.group.mapping.ldap.directory.search.timeout`.
|
||||||
|
|
||||||
The implementation does not attempt to resolve group hierarchies. Therefore, a user must be an explicit member of a group object
|
`hadoop.security.group.mapping.ldap.base` configures how far to walk up the groups hierarchy when resolving groups.
|
||||||
in order to be considered a member.
|
By default, with a limit of 0, in order to be considered a member of a group, the user must be an explicit member in LDAP. Otherwise, it will traverse the group hierarchy `hadoop.security.group.mapping.ldap.search.group.hierarchy.levels` levels up.
|
||||||
|
|
||||||
|
|
||||||
### Active Directory ###
|
### Active Directory ###
|
||||||
|
|
Loading…
Reference in New Issue