iaorekhov-1980 commented on code in PR #61440:
URL: https://github.com/apache/doris/pull/61440#discussion_r3458261102


##########
fe/fe-common/src/main/java/org/apache/doris/common/LdapConfig.java:
##########
@@ -210,4 +210,10 @@ public class LdapConfig extends ConfigBase {
     public static String getConnectionURL(String hostPortInAccessibleFormat) {
         return ((LdapConfig.ldap_use_ssl ? "ldaps" : "ldap") + "://" + 
hostPortInAccessibleFormat);
     }
+
+    /**
+     * Flag to enable login with empty pass.
+     */
+    @ConfigBase.ConfField
+    public static boolean ldap_allow_empty_pass = true;
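
Review bot: The default of `true` on the new `ldap_allow_empty_pass` field leaves login with an empty password enabled unless an operator changes it, and the Javadoc ("Flag to enable login with empty pass.") states neither the default nor the consequence. Consider defaulting to `false` so that empty-password login is an explicit opt-in. If `true` has to stay for compatibility, expand the comment to say what the flag permits, what the default is, and that setting it to `false` rejects empty passwords. The code that reads the flag is not in this hunk, so the check itself cannot be reviewed here.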

Review Comment:
   Hello, @CalvinKirs
   Thanks for your comments.
   I've also thought about setting the default value of the new
**ldap_allow_empty_pass** to **false**, as it is more correct from a security
point of view.
   But if we do so, it can affect existing Doris users who have relied on
this feature.
   So I suggest keeping it at **true** by default, but adding additional explicit
notifications to **ldap.conf** and the corresponding documentation.
   Thus, if you think that it should be false by default, I'll change the
behavior to disable login with an empty LDAP pass by default.
   


