Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

hadoop.security.auth_to_local rule to uppercase?

hadoop.security.auth_to_local rule to uppercase?

Super Collaborator

Is it possible to create an auth_to_local rule to change usernames to uppercase? The /L option works for lower, but /U does not work for upper. Principal names come as "myusername@MYREALM.COM". I need "MYUSERNAME".

Unfortunately, user IDs coming from AD's sAMAccountName are in all uppercase. I'd prefer to convert them to lower, but haven't figured that out. nslcd, samba and winbind are being used.

6 REPLIES 6

Re: hadoop.security.auth_to_local rule to uppercase?

Super Collaborator

Just to be clear, the reason for this is that user id's on this system are uppercase names (e.g. "JJONES") because they are being synchronized from AD with sAMAccontName which is all uppercase. If I could use a pam module or other method to convert to lowercase I would, but I am not aware of such a module.

Re: hadoop.security.auth_to_local rule to uppercase?

Expert Contributor

may be you can try doing a sed expression , see if that works s/([[:lower:]])/\u\1/g

Re: hadoop.security.auth_to_local rule to uppercase?

Super Collaborator

Thanks, @Karthik Narayanan. After you suggested this, we tried it as well as a few other options but couldn't get it to work. I'm not sure it is supported at all.

Highlighted

Re: hadoop.security.auth_to_local rule to uppercase?

Expert Contributor

I don't think that's supported, I only see convert to lower case in the code:

https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apac...

You should really try to convert all to lower case or use another AD attribute. You never see people use uppercase and you risk becoming the only one :)

Do an ldapsearch and see what other attributes you could use, you don't have to use sAMAccountName.

For pam, you can use pam_regex: http://puszcza.gnu.org.ua/software/pam-modules/manual/html_chapter/regex.html

nslcd.conf has an ignorecase setting

Re: hadoop.security.auth_to_local rule to uppercase?

Super Collaborator

Thanks, @Alexandru Anghel I totally agree about making linux accounts all lowercase, but hit a wall on it. I saw the pam_regex module but was unable to locate it on my system and could not figure out where to get that package.

We did find another attribute mailAlias with lowercase, but that is not a good long-term attribute to use, although it may work temporarily. We may look at changing to SSSD instead.

Re: hadoop.security.auth_to_local rule to uppercase?

Expert Contributor

Indeed, if you can, SSSD is the way to go. pam_regex needs to be compiled.

Had the same issue and SSSD solved it with the 'case_sensitive = false' option.

Best of luck!