Support Questions

Find answers, ask questions, and share your expertise

HDFS LDAP with openldap only shows primary group


Hi all,


         I've recently set up HDFS with LDAP group mapping, I'm doing it through the cloudera manager, CDH6.3. Everything looks like it was working, i can see the hdfs does recognize my ldap users and the groups, but it doesn't show all the groups my ldap user belongs to, it only shows the primary group. As you can see from below, my ldap user "jchiang" is in primary group testgroup and secondary group red, but the hdfs only shows testgroup. I'm using openldap as my ldap directory. Is there a way to get all the ldap groups show up? I've included my hdfs ldap config below, I assume maybe there's something in the group filter i need to change? thanks 


[jchiang@ip-172-0-0-203 ~]$ hdfs groups
jchiang : testgroup

[jchiang@ip-172-0-0-203 ~]$ groups
testgroup red


Hadoop User Group Mapping Implementation :
Hadoop User Group Mapping LDAP User Search Filter (&(objectClass=posixAccount)(uid={0}))
Hadoop User Group Mapping LDAP Group Search Filter (objectclass=posixGroup)
Hadoop User Group Mapping LDAP Group Membership Attribute memberUid
Hadoop User Group Mapping LDAP Group Name Attribute cn

Cloudera Employee



i see you are using a posix lookup which by default returns only one/first group. Make the below changes to get the group results with a single lookup query.

Please make below change uid={0} (&(objectclass=posixGroup)(memberUid={0}))