我正在尝试为用户设置openLDAP,以将其映射到hadoop 2.7.1的组映射,猜测我定义组或应用过滤器的方式有问题。它能够连接到服务器,但是会抛出无效的DN,并且没有组返回。
我的LDIF导出->
# Entry 1: ou=groups,dc=ubu,dc=com
dn: ou=groups,dc=ubu,dc=com
objectclass: organizationalUnit
objectclass: top
ou: groups
# Entry 2: cn=admin,ou=groups,dc=ubu,dc=com
dn: cn=admin,ou=groups,dc=ubu,dc=com
cn: admin
gidnumber: 500
memberuid: meadmin
objectclass: posixGroup
objectclass: top
# Entry 3: cn=operator,ou=groups,dc=ubu,dc=com
dn: cn=operator,ou=groups,dc=ubu,dc=com
cn: operator
gidnumber: 501
memberuid: meoperator
objectclass: posixGroup
objectclass: top
# Entry 4: cn=user,ou=groups,dc=ubu,dc=com
dn: cn=user,ou=groups,dc=ubu,dc=com
cn: user
gidnumber: 502
memberuid: meuser
memberuid: meuser2
objectclass: posixGroup
objectclass: top
# Entry 5: ou=users,dc=ubu,dc=com
dn: ou=users,dc=ubu,dc=com
objectclass: organizationalUnit
objectclass: top
ou: users
# Entry 6: cn=hadmin1,ou=users,dc=ubu,dc=com
dn: cn=hadmin1,ou=users,dc=ubu,dc=com
cn: hadmin1
gidnumber: 500
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: meadmin
uid: meadmin
uidnumber: 1000
# Entry 7: cn=hoperator1,ou=users,dc=ubu,dc=com
dn: cn=hoperator1,ou=users,dc=ubu,dc=com
cn: hoperator1
gidnumber: 501
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: meoperator
uid: meoperator
uidnumber: 1002
# Entry 8: cn=huser1,ou=users,dc=ubu,dc=com
dn: cn=huser1,ou=users,dc=ubu,dc=com
cn: huser1
gidnumber: 502
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: meuser
uid: meuser
uidnumber: 1001
# Entry 9: cn=tester1,ou=users,dc=ubu,dc=com
dn: cn=tester1,ou=users,dc=ubu,dc=com
cn: tester1
gidnumber: 502
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: meuser2
uid: meuser2
uidnumber: 1003
核心站点ldap映射->
<property>
<name>hadoop.security.group.mapping.ldap.search.filter.user</name>
<value>(&(objectClass=inetOrgPerson)(uid={0}))</value>
</property>
<property>
<name>hadoop.security.group.mapping.ldap.search.filter.group</name>
<value>(objectClass=groupOfNames)</value>
</property>
<property>
<name>hadoop.security.group.mapping.ldap.search.attr.member</name>
<value>member</value>
</property>
<property>
<name>hadoop.security.group.mapping.ldap.search.attr.group.name</name>
<value>cn</value>
</property>
我想念什么?
最佳答案
对filter.group和attr.member尝试以下替代方法。您为该组使用了错误的objectClass,为成员使用了错误的属性。
<property>
<name>hadoop.security.group.mapping.ldap.search.filter.group</name>
<value>(objectClass=posixGroup)</value>
</property>
<property>
<name>hadoop.security.group.mapping.ldap.search.attr.member</name>
<value>memberuid</value>
</property>
关于security - Hadoop:用户到组映射的OpenLDAP设置因DN无效而失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31765439/