MapR 5.2 is at End of Life (EOL) and no longer supported. Please see the latest documentation. This documentation is not being updated.

Home
5.2 Cluster Administration
This section contains information on administering the cluster and MapR-DB, configuring Gateways, and configuring and managing particular aspects of the MapR security infrastructure.
Configuring Security
Describes tasks for configuring MapR security, managing secure clusters, and administering auditing.
Configuring Mapr Security
Provides usage information for frequently used security functionality including Access Control Lists (ACLs), Access Control Expressions (ACEs), file permissions, and subnet whitelisting.
Managing Impersonation
Provides instructions for enabling and using MapR impersonation features.
Resolving Username with UID and GIDs During Impersonation
Lists configuration parameters necessary to configure impersonation.

MapR 5.2 Documentation

5.2 Cluster Administration
This section contains information on administering the cluster and MapR-DB, configuring Gateways, and configuring and managing particular aspects of the MapR security infrastructure.
- Administering the Cluster
  This section describes how to manage the nodes and services that make up a cluster.
- Monitoring the Cluster
  This section describes how to monitor the health and performance of a MapR cluster.
- Configuring and Managing MapR Gateways
  A MapR gateway mediates one-way communication between a source MapR cluster and a destination cluster. MapR-DB tables and MapR Streams streams can be replicated.
- Administering MapR-DB
  Administration of the MapR-DB is done primarily via the commmand line (maprcli) or with the MapR Control System (MCS). Regardless of whether the MapR-DB table is used for binary files or JSON documents, the same types of commands are used with slightly different parameter options. MapR-DB administration is associated with tables, columns and column families, and table regions.
- Configuring Security
  Describes tasks for configuring MapR security, managing secure clusters, and administering auditing.
  - Configuring Mapr Security
    Provides usage information for frequently used security functionality including Access Control Lists (ACLs), Access Control Expressions (ACEs), file permissions, and subnet whitelisting.
    - Getting Started with MapR Security
      Describes two core scenarios that allow quick implementation of security features.
    - Managing Encryption for MapR Core
      Provides information that allows you to use encryption across the MapR platform.
    - Authenticating Users
      Provides information about MapR ticket, Kerberos, Pluggable Authentication Module (PAM) authentication.
    - Managing Access Controls
      Describes how to create, enable, and use ACLs and ACEs.
    - Managing Impersonation
      Provides instructions for enabling and using MapR impersonation features.
      - How Impersonation Works
        Introduces impersonation functionality, limitations, and core requirements.
      - Enabling Impersonation for the MapR Superuser
        Provides a procedure necessary to implement superuser impersonation.
      - Enabling Impersonation for any User
        Provides a procedure necessary to implement impersonation for any MapR user.
      - Configuring Impersonation without Cluster Security
        Describes how to use impersonation on a non-secure cluster.
      - Resolving Username with UID and GIDs During Impersonation
        Lists configuration parameters necessary to configure impersonation.
  - Managing Secure Clusters
    Provides procedures that will enable you to run use MapR clusters securely.
  - Managing Auditing
    Provides instructions for using MapR auditing features.
- Administrator's Reference
  This section contains in-depth reference information for the administrator.
- Glossary
  This section contains defintions for commonly used terms in MapR Converged Data Platform environments.

Resolving Username with UID and GIDs During Impersonation

Lists configuration parameters necessary to configure impersonation.

To resolve username with UID and GIDs on the server (and not the local operating system registry) during impersonation, you can set the following configuration parameters on the client and CLDB.

Parameter Description

fs.mapr.server.resolve.user

Must be set in core-site.xml file on the client machine. Value can be one of the following:

true - enable
false - disable

By default, this is disabled. If enabled, client will request CLDB to resolve user with UID/GIDs. For example, to enable this property, your entry in core-site.xml file should be as shown below:

<configuration>
  <property>
    <name>fs.mapr.server.resolve.user</name>
    <value>true</value>
  </property>
</configuration>

cldb.security.resolve.user

Must be set using the config command. Value can be one of the following:

0 - disable
1 - enable

By default, this is disabled. If enabled, CLDB will resolve the user with UID/GIDs for all incoming client requests. For example, to enable this property, run the following command:

maprcli config save -values {cldb.security.resolve.user:1}

NOTE: Both the configuration parameters must be set to enable support for UID/GID resolution on the server. If the configuration parameter is set on the client to resolve on the server and if the configuration parameter is not set on CLDB, the operation will fail with an error.