пре 12 година · c962ae1a3a
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -47,6 +47,9 @@ Release 2.0.5-beta - UNRELEASED
 
				     HADOOP-9503. Remove sleep between IPC client connect timeouts.
			
 
				     (Varun Sharma via szetszwo)
			
 
				 
			
 
				+    HADOOP-9322. LdapGroupsMapping doesn't seem to set a timeout for
			
 
				+    its directory search. (harsh)
			
 
				+
			
 
				   OPTIMIZATIONS
			
 
				 
			
 
				     HADOOP-9150. Avoid unnecessary DNS resolution attempts for logical URIs
			
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
@@ -144,7 +144,15 @@ public class LdapGroupsMapping
 
				    */
			
 
				   public static final String GROUP_NAME_ATTR_KEY = LDAP_CONFIG_PREFIX + ".search.attr.group.name";
			
 
				   public static final String GROUP_NAME_ATTR_DEFAULT = "cn";
			
 
				-  
			
 
				+
			
 
				+  /*
			
 
				+   * LDAP {@link SearchControls} attribute to set the time limit
			
 
				+   * for an invoked directory search. Prevents infinite wait cases.
			
 
				+   */
			
 
				+  public static final String DIRECTORY_SEARCH_TIMEOUT =
			
 
				+    LDAP_CONFIG_PREFIX + ".directory.search.timeout";
			
 
				+  public static final int DIRECTORY_SEARCH_TIMEOUT_DEFAULT = 10000; // 10s
			
 
				+
			
 
				   private static final Log LOG = LogFactory.getLog(LdapGroupsMapping.class);
			
 
				 
			
 
				   private static final SearchControls SEARCH_CONTROLS = new SearchControls();
			
@@ -326,6 +334,9 @@ public class LdapGroupsMapping
 
				     groupNameAttr =
			
 
				         conf.get(GROUP_NAME_ATTR_KEY, GROUP_NAME_ATTR_DEFAULT);
			
 
				 
			
 
				+    int dirSearchTimeout = conf.getInt(DIRECTORY_SEARCH_TIMEOUT, DIRECTORY_SEARCH_TIMEOUT_DEFAULT);
			
 
				+    SEARCH_CONTROLS.setTimeLimit(dirSearchTimeout);
			
 
				+
			
 
				     this.conf = conf;
			
 
				   }
			
 
				   
			
--- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
+++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
@@ -212,6 +212,17 @@
 
				   </description>
			
 
				 </property>
			
 
				 
			
 
				+<property>
			
 
				+  <name>hadoop.security.group.mapping.ldap.directory.search.timeout</name>
			
 
				+  <value>10000</value>
			
 
				+  <description>
			
 
				+    The attribute applied to the LDAP SearchControl properties to set a
			
 
				+    maximum time limit when searching and awaiting a result.
			
 
				+    Set to 0 if infinite wait period is desired.
			
 
				+    Default is 10 seconds. Units in milliseconds.
			
 
				+  </description>
			
 
				+</property>
			
 
				+
			
 
				 <property>
			
 
				   <name>hadoop.security.service.user.name.key</name>
			
 
				   <value></value>