02-12-2019 12:37 AM - last edited on 02-12-2019 06:22 AM by cjervis
As pointed out in the documentation:
"The Hadoop LdapGroupsMapping group mapping mechanism. The LdapGroupsMapping library may not be as robust a solution needed for large organizations in terms of scalability and manageability, especially for organizations managing identity across multiple systems and not exclusively for Hadoop clusters. Support for the LdapGroupsMapping library is not consistent across all operating systems."
Our case is:
- A central AD for all organization's users
- CDH cluster with local MIT KDC for service principals and cross-realm trusted LDAP for user principals (on-going process)
- CDH cluster runs on identical versioned RHEL nodes
Is there any reason that we shouldn't use LdapGroupsMapping option for user-group mapping?