Re: [PR] [enhance](auth) introduction of ldaps support via configuration property [doris]

Fri, 06 Feb 2026 02:42:54 -0800 


iaorekhov-1980 commented on code in PR #60275:
URL: https://github.com/apache/doris/pull/60275#discussion_r2773471900


##########
fe/fe-common/src/main/java/org/apache/doris/common/LdapConfig.java:
##########
@@ -157,4 +157,22 @@ public class LdapConfig extends ConfigBase {
      */
     @ConfigBase.ConfField
     public static boolean ldap_pool_test_while_idle = true;
+
+    /**
+     * Flag to enable usage of LDAPS.
+     */
+    @ConfigBase.ConfField
+    public static boolean ldap_use_ssl = false;
+
+    /**
+     * The method constructs the correct URL connection string for the 
specified host and port depending on
+     * the value of the {@code ldap_use_ssl} property.
+     * If {@code ldap_use_ssl} is true, LDAPS is used as the protocol.
+     * If {@code ldap_use_ssl} is false or not specified, LDAP is used as the 
protocol.
+     * @param hostPortInAccessibleFormat the host and port in accessible 
format (for example, "host:port")
+     * @return the LDAP or LDAPS connection URL string
+     */
+    public static String getConnectionURL(String hostPortInAccessibleFormat) {

Review Comment:
   Hi. @gavinchou 
   The information about certificates location is provided within JVM arguments 
in fe.conf in standard parameter, like below
   
   ```
   # For jdk 17, this JAVA_OPTS will be used as default JVM options
   
JAVA_OPTS_FOR_JDK_17="-Djavax.net.ssl.trustStore=/opt/apache-doris/certs/cacerts
 -Dfile.encoding=UTF-8 -Djavax.security.auth.useSubjectCredsOnly=false 
-Xmx8192m -Xms2048m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=$LOG_DIR 
-Xlog:gc
   
*,classhisto*=trace:$LOG_DIR/fe.gc.log.$CUR_DATE:time,uptime:filecount=10,filesize=50M
 --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens 
java.base/jdk.internal.ref=ALL-UNNAMED"
   
   ```
   
   Also could you please confirm the documentation to be changed.
   
[https://github.com/apache/doris-website/blob/master/docs/admin-manual/auth/authentication/ldap.md](url)
   I assume this file should be updated with new information about support of 
LDAPS?
   
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to