Got a question about creating service users in our LDAP directory.
The last part of the CM5 guide to configuring LDAP here mentions that you need to "ensure all your services are registered users in LDAP."
1. Is there any scope for changing the names of some of these users? Using Active Directory for LDAP and don't particularly want mapred, yarn, etc as users in AD - it doesn't fit in with the naming convention used for other services. Presumably if I changed the users I'd also need to chown/chgrp a load of stuff in HDFS.
2. As an alternative to configuring CDH to use LDAP directly, are there any drawbacks to delegating to PAM on the local Linux box, which in turn is configured to resolve users against AD?