Long journey, so I hope this does the trick.
While not exposed in Cloudera Manager, you can identify an alternative userid attribute. By default, for posix objecdts, the default is memberUid (which won't work for you unless memberUid contains the numeric id).
- In Cloudera Manager, navigate to:
Clusters --> HDFS --> Configuration
- Search for:
Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml
- Add the following:
- Restart the cluster (so the servers can detect the new settings)
As you observed, by default HDFS assumes that the memberUid attribute will have a value of the uidNumber of the user account. The configuration I mentioned above lets you adjust this so that rather than searching for "memberUid=1004" the search will contain "uid=maslova"
You can find more information here:
This is the description:
"The attribute of posixAccount to use when groups for membership. Mostly useful for schemas wherein groups have memberUids that use an attribute other than uidNumber."
As you can see, the configuration for hdfs meets the needs of your situation.
Sorry for the mistake... I meant that now with the suggested change, the resulting group lookup filter will be:
This is because the hadoop.security.group.mapping.ldap.posix.attr.uid.name property tells ldapgroupmapping which user attribute to use to obtain the value for group lookup. In your LDAP config that is "uid"