I was able to make Hadoop ldap group mapping works with TLS enabled on my Sanbox for testing, but when I test it using hdfs groups command, I just notice the group output for all users is same which is hcat Hadoop.
I already added all services groups and check it using ldapsearch and everthing looks correct. So it looks like the Hadoop group mapping only reading the two groups?
Could you please help me if you have idea about this. Thank you very much
Update: I did another test, first I list the group using ldapsearch, what I notice is that when I hdfs group all username, it uses the top and the last group entry from my ldap search result, So only 2 groups are being read by group mapping and use it in all users.
To make sure that I'm not mistaken I deleted the top group on the list in ldap search and what happen is that the new top group on the list became the result.
I'm not sure if this is a bug on sandbox.. any suggestions?