So I've enabled cell level security. Having an issue with spaces in groups retrieved from LDAP. In our Cloudera 6.2.1 cluster the LDAP for HDFS is configured to retrieve the groups from our LDAP server. That works fine.
But when I run hbase shell (kerberized with my kerberos ticket) any groups with spaces in the 'cn' are split into separate groups when I run the hbase shell 'whoami' command. For example if my LDAP group is called 'my cool group' in hbase shell whoami it shows 3 separate groups... 'my' 'cool' and 'group'. Unfortunately I can't change the group name to remove the spaces in LDAP. Therefore if I created an hbase cell visibility set to a label that maps to this LDAP group I can't retrieve the cell.
hbase shell> whoami
...
Groups: 'anothergroupwithoutspaces', 'my', 'cool',' group'
add_label ['my_cool_label']
set_auth '@my\ cool\ group',''my_cool_label'] (you need backslashes to escape the space)
put 'myTable', 'cf1:cq1', 'myValue', { VISIBILITY => 'my_cool_label']
(can't see this cell)
From what I can see the only option is instead of using the group 'cn' value I need to add another field in that LDAP node and have the group name without spaces.
eg. cn_hadoop = my-cool-group
Or is there another option?
Richard