"The HadoopLdapGroupsMappinggroup mapping mechanism. TheLdapGroupsMappinglibrary may not be as robust a solution needed for large organizations in terms of scalability and manageability, especially for organizations managing identity across multiple systems and not exclusively for Hadoop clusters. Support for theLdapGroupsMappinglibrary is not consistent across all operating systems."
Our case is:
- A central AD for all organization's users
- CDH cluster with local MIT KDC for service principals and cross-realm trusted LDAP for user principals (on-going process)
- CDH cluster runs on identical versioned RHEL nodes
Is there any reason that we shouldn't use LdapGroupsMapping option for user-group mapping?