hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mingliang Liu (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-13105) Support timeouts in LDAP queries in LdapGroupsMapping.
Date Mon, 23 May 2016 22:41:13 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-13105?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Mingliang Liu updated HADOOP-13105:
    Attachment: HADOOP-13105.001.patch

Thanks [~cnauroth] for the suggestion. I had a look at minikdc and find it's not straightforward
to simply extend it. Actually I figured out a way similar to your last comment {{TestWebHdfsTimeouts}}.
The only magic is {{AUTHENTICATE_SUCCESS_MSG}}. I don't like this hacking message but this
is the best I can tell. The bright side is that, we're testing both connect and read timeout
using a dummy server. As you stated, the JNDI documentation clearly spells out how to set
both connection and read timeout. But still, in case the JNDI env variables are not working
in upstream package, we'll find it out sooner than later.

As to exploring ApacheDS for testing the LDAP mapping code, I like the idea. Thanks for letting
me know the in-progress [HADOOP-8145] work, [~jojochuang]. Actually I was expecting something
alike before I checked out the {{TestLdapGroupsMapping}}. I was disappointed that we were
just mocking the stuff.

However, as 1) the change will bring new dependencies (ApacheDS test module), 2) heavy to
use (I personally don't like the aspect-like annotations) 3) I don't know easy way to make
the server delay for a specific period, I suggest we consolidate the effort of testing these
features against a real LDAP server along with other test cases in [HADOOP-8145], clearly
in a new class as what's you're doing.

> Support timeouts in LDAP queries in LdapGroupsMapping.
> ------------------------------------------------------
>                 Key: HADOOP-13105
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13105
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Chris Nauroth
>            Assignee: Mingliang Liu
>         Attachments: HADOOP-13105.000.patch, HADOOP-13105.001.patch
> {{LdapGroupsMapping}} currently does not set timeouts on the LDAP queries.  This can
create a risk of a very long/infinite wait on a connection.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message