Support Questions

Find answers, ask questions, and share your expertise

Who agreed with this topic

Authorization questions LDAP

avatar
Rising Star

 Hi, I'm trying to enable authorization system in Cloudera.

I'm reading this link https://www.cloudera.com/documentation/enterprise/5-3-x/topics/cm_sg_ldap_grp_mappings.html .

Q0: Why can we use LdapGroupsMapping in production environment? I would like to use Apache Zeppline to integreted Apache Spark. I would like to use LDAP as a unifined account system.

Q1: If I use org.apache.hadoop.security.ShellBasedUnixGroupsMapping, Should I create users and groups in EVERY host in my cluster?

Q2: If I use org.apache.hadoop.security.LdapGroupsMapping. When new users and groups are created, will they sync to EVERY host in my cluster?

Q3:When adding new service in Cloudera Manager, for example, kafka service, will `kafka` user created both in LDAP database and EVERY host in my cluster?

Q4: I've enabled MIT kerberos in my cluster. Can I submit task from Windows IDE with proper kerberos keytab files. For example, using impyla in Python in Windows machine.

Who agreed with this topic