Skip to content

Commit 299c47b

Browse files
QwertyManiacQwertyManiac
committed
HADOOP-9322. LdapGroupsMapping doesn't seem to set a timeout for its directory search. Contributed by Harsh J. (harsh)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1477458 13f79535-47bb-0310-9956-ffa450edef68
1 parent c605ab6 commit 299c47b

File tree

3 files changed

+26
-1
lines changed

3 files changed

+26
-1
lines changed

hadoop-common-project/hadoop-common/CHANGES.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -577,6 +577,9 @@ Release 2.0.5-beta - UNRELEASED
577577
HADOOP-9503. Remove sleep between IPC client connect timeouts.
578578
(Varun Sharma via szetszwo)
579579

580+
HADOOP-9322. LdapGroupsMapping doesn't seem to set a timeout for
581+
its directory search. (harsh)
582+
580583
OPTIMIZATIONS
581584

582585
HADOOP-9150. Avoid unnecessary DNS resolution attempts for logical URIs

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -144,7 +144,15 @@ public class LdapGroupsMapping
144144
*/
145145
public static final String GROUP_NAME_ATTR_KEY = LDAP_CONFIG_PREFIX + ".search.attr.group.name";
146146
public static final String GROUP_NAME_ATTR_DEFAULT = "cn";
147-
147+
148+
/*
149+
* LDAP {@link SearchControls} attribute to set the time limit
150+
* for an invoked directory search. Prevents infinite wait cases.
151+
*/
152+
public static final String DIRECTORY_SEARCH_TIMEOUT =
153+
LDAP_CONFIG_PREFIX + ".directory.search.timeout";
154+
public static final int DIRECTORY_SEARCH_TIMEOUT_DEFAULT = 10000; // 10s
155+
148156
private static final Log LOG = LogFactory.getLog(LdapGroupsMapping.class);
149157

150158
private static final SearchControls SEARCH_CONTROLS = new SearchControls();
@@ -326,6 +334,9 @@ public synchronized void setConf(Configuration conf) {
326334
groupNameAttr =
327335
conf.get(GROUP_NAME_ATTR_KEY, GROUP_NAME_ATTR_DEFAULT);
328336

337+
int dirSearchTimeout = conf.getInt(DIRECTORY_SEARCH_TIMEOUT, DIRECTORY_SEARCH_TIMEOUT_DEFAULT);
338+
SEARCH_CONTROLS.setTimeLimit(dirSearchTimeout);
339+
329340
this.conf = conf;
330341
}
331342

hadoop-common-project/hadoop-common/src/main/resources/core-default.xml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -212,6 +212,17 @@
212212
</description>
213213
</property>
214214

215+
<property>
216+
<name>hadoop.security.group.mapping.ldap.directory.search.timeout</name>
217+
<value>10000</value>
218+
<description>
219+
The attribute applied to the LDAP SearchControl properties to set a
220+
maximum time limit when searching and awaiting a result.
221+
Set to 0 if infinite wait period is desired.
222+
Default is 10 seconds. Units in milliseconds.
223+
</description>
224+
</property>
225+
215226
<property>
216227
<name>hadoop.security.service.user.name.key</name>
217228
<value></value>

0 commit comments

Comments
 (0)