Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

In which cases should LdapGroupsMapping be avoided?

In which cases should LdapGroupsMapping be avoided?

Rising Star



As pointed out in the documentation:


"The Hadoop LdapGroupsMapping group mapping mechanism. The LdapGroupsMapping library may not be as robust a solution needed for large organizations in terms of scalability and manageability, especially for organizations managing identity across multiple systems and not exclusively for Hadoop clusters. Support for the LdapGroupsMapping library is not consistent across all operating systems."


Our case is:


- A central AD for all organization's users

- CDH cluster with local MIT KDC for service principals and cross-realm trusted LDAP for user principals (on-going process)

- CDH cluster runs on identical versioned RHEL nodes


Is there any reason that we shouldn't use LdapGroupsMapping option for user-group mapping?


Thank you,


Don't have an account?
Coming from Hortonworks? Activate your account here