Sync LDAP Active Directory accounts with HDFS /user

hdfs_ldap_usersync.sh

#!/usr/bin/env bash

set -euf -o pipefail

logMsg() {
  echo "[$(date +'%Y %b %d %T')]" ${*}
}

LDAP_URI=ldap://ldapserver:389
BASE_DN="DC=example,DC=com"
HADOOP_USERS="CN=HadoopUsers,OU=groups"

LDAP_ACC=ldap-hdfs-sync
LDAP_PASS='account password'

LDAP_USERS=(`ldapsearch -LLL -x \
  -H $LDAP_URI \
  -D $LDAP_ACC -w$LDAP_PASS \
  -E pr=10000/noprompt \
  -b $BASE_DN \
  "(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=$HADOOP_USERS,$BASE_DN))" sAMAccountName \
    | grep sAMAccountName | cut -d: -f2 \
    | tr '[:upper:]' '[:lower:]' | sort -u`)

HDFS_USERS=(`hdfs dfs -ls /user | grep /user | sed 's/.*\/user\///'`)  # Assumed to be sorted

# (LDAP accounts - existing HDFS accounts) = LDAP users without HDFS dirs
for u in "${HDFS_USERS[@]}"; do
   if [ ${#LDAP_USERS[@]} -gt 0 ]; then
     LDAP_USERS=(${LDAP_USERS[@]//*$u*})
   fi
done

if [ ${#LDAP_USERS[@]} -eq 0 ]; then
  logMsg "No new users"
  exit 0;
fi

for user in "${LDAP_USERS[@]}"; do
  HDFS_PATH=hdfs:///user/$user
  if hdfs dfs -test -d $HDFS_PATH; then
    logMsg "$HDFS_PATH exists"
  else
    logMsg "Creating $HDFS_PATH"
    hdfs dfs -mkdir -p $HDFS_PATH && hdfs dfs -chown $user:hdfs $HDFS_PATH
  fi
done

hdfs_usersync.cron

15 0,6,12,18 * * * root sudo -u hdfs '/home/hdfs/hdfs_ldap_usersync.sh' >> /var/log/hdfs_ldap_usersync.log 2>&1