Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-9322. LdapGroupsMapping doesn't seem to set a timeout for its directory search. Contributed by Harsh J. (harsh) 

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1477460 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Harsh J 2013-04-30 03:07:00 +00:00
parent c8d27c48ec
commit c962ae1a3a
3 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-common-project/hadoop-common/CHANGES.txt
View File

@ -47,6 +47,9 @@ Release 2.0.5-beta - UNRELEASED
HADOOP-9503. Remove sleep between IPC client connect timeouts. HADOOP-9503. Remove sleep between IPC client connect timeouts.
(Varun Sharma via szetszwo) (Varun Sharma via szetszwo)
HADOOP-9322. LdapGroupsMapping doesn't seem to set a timeout for
its directory search. (harsh)
OPTIMIZATIONS OPTIMIZATIONS
HADOOP-9150. Avoid unnecessary DNS resolution attempts for logical URIs HADOOP-9150. Avoid unnecessary DNS resolution attempts for logical URIs

13
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
View File

@ -144,7 +144,15 @@ public class LdapGroupsMapping
*/ */
public static final String GROUP_NAME_ATTR_KEY = LDAP_CONFIG_PREFIX + ".search.attr.group.name"; public static final String GROUP_NAME_ATTR_KEY = LDAP_CONFIG_PREFIX + ".search.attr.group.name";
public static final String GROUP_NAME_ATTR_DEFAULT = "cn"; public static final String GROUP_NAME_ATTR_DEFAULT = "cn";
/*
* LDAP {@link SearchControls} attribute to set the time limit
* for an invoked directory search. Prevents infinite wait cases.
*/
public static final String DIRECTORY_SEARCH_TIMEOUT =
LDAP_CONFIG_PREFIX + ".directory.search.timeout";
public static final int DIRECTORY_SEARCH_TIMEOUT_DEFAULT = 10000; // 10s
private static final Log LOG = LogFactory.getLog(LdapGroupsMapping.class); private static final Log LOG = LogFactory.getLog(LdapGroupsMapping.class);
private static final SearchControls SEARCH_CONTROLS = new SearchControls(); private static final SearchControls SEARCH_CONTROLS = new SearchControls();
@ -326,6 +334,9 @@ public class LdapGroupsMapping
groupNameAttr = groupNameAttr =
conf.get(GROUP_NAME_ATTR_KEY, GROUP_NAME_ATTR_DEFAULT); conf.get(GROUP_NAME_ATTR_KEY, GROUP_NAME_ATTR_DEFAULT);
int dirSearchTimeout = conf.getInt(DIRECTORY_SEARCH_TIMEOUT, DIRECTORY_SEARCH_TIMEOUT_DEFAULT);
SEARCH_CONTROLS.setTimeLimit(dirSearchTimeout);
this.conf = conf; this.conf = conf;
} }

11
hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
View File

@ -212,6 +212,17 @@
</description> </description>
</property> </property>
<property>
<name>hadoop.security.group.mapping.ldap.directory.search.timeout</name>
<value>10000</value>
<description>
The attribute applied to the LDAP SearchControl properties to set a
maximum time limit when searching and awaiting a result.
Set to 0 if infinite wait period is desired.
Default is 10 seconds. Units in milliseconds.
</description>
</property>
<property> <property>
<name>hadoop.security.service.user.name.key</name> <name>hadoop.security.service.user.name.key</name>
<value></value> <value></value>