[
https://issues.apache.org/jira/browse/KNOX-3247?focusedWorklogId=1003750&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1003750
]
ASF GitHub Bot logged work on KNOX-3247:
----------------------------------------
Author: ASF GitHub Bot
Created on: 06/Feb/26 01:29
Start Date: 06/Feb/26 01:29
Worklog Time Spent: 10m
Work Description: lmccay opened a new pull request, #1144:
URL: https://github.com/apache/knox/pull/1144
[KNOX-1234](url) - KNOX-3247 - Knox LDAP Server with Pluggable Backend
## What changes were proposed in this pull request?
By exposing an LDAP interface from Knox, we can provide a rich set of
backend implementations that can:
- Provide easy demo and test environments with a file-based backend
- Provide enterprise integrations by proxying actual LDAP backends
- Provide novel implementations based on the KNOX-AUTH-SERVICE in other
topologies
- All while simplifying the configuration of consumers by normalizing the
exposed schema - resulting in the same LDAP config for all deployments rather
than chasing the deployment-specific details across the platform.
- Knox can be the central LDAP Server for the platform while integrating
with all of the possible combinations that we already support.
The LDAP Server proxy feature normalizes the consumer-facing schema and
returns the proxied schema results. This is a standard/common LDAP Proxy
pattern. It also needs to be able to reverse the mapping for queries that come
from a result that includes the backend schema such as the DN. So, consumers
can use both the internal and external DNs for searches.
This PR adds a new GatewayService called KnoxLDAPServer that uses
ServiceLoader to provide an SPI for backend implementations. It includes a
file-based backend for testing and an LDAP backend to proxy access to other external
LDAP servers.
## How was this patch tested?
New unit tests have been added for those things that can be mocked and
tested.
We will need to add additional integration tests with an actual backend
deployed.
Manually tested both the file-based and LDAP Server-based backends.
Used the existing Demo LDAP Server as the proxied LDAP Server.
Issue Time Tracking
-------------------
Worklog Id: (was: 1003750)
Remaining Estimate: 0h
Time Spent: 10m
> Knox LDAP Server with Pluggable Backend
> ---------------------------------------
>
> Key: KNOX-3247
> URL: https://issues.apache.org/jira/browse/KNOX-3247
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> By exposing an LDAP interface from Knox, we can provide a rich set of backend
> implementations that can:
> * Provide easy demo and test environments with a file-based backend
> * Provide enterprise integrations by proxying actual LDAP backends
> * Provide novel implementations based on the KNOX-AUTH-SERVICE in other
> topologies
> * All while simplifying the configuration of consumers by normalizing the
> exposed schema - resulting in the same LDAP config for all deployments rather
> than chasing the deployment-specific details across the platform.
> Knox can be the central LDAP Server for the platform while integrating with
> all of the possible combinations that we already support.
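The DN handling the pull request describes (exposed DNs translated for the backend, backend DNs copied from earlier results accepted as they are), shown as an added Python example that is not code from the Knox pull request. The base DNs, the attribute table and all function names are assumptions made for illustration.

```python
# Added illustration; base DNs and the attribute table are assumed values,
# not Knox configuration. Single-valued RDNs only (no "+").
EXPOSED_BASE = "ou=people,dc=knox,dc=example"
BACKEND_BASE = "cn=users,cn=accounts,dc=corp,dc=example"
RDN_ATTR = {"uid": "cn"}  # exposed naming attribute -> backend naming attribute

def split_dn(dn):
    """Split a DN on unescaped commas, keeping RFC 4514 backslash escapes intact."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # escaped pair: never a separator
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur).lstrip())
    return [p for p in parts if p]

def norm(rdn):
    """Comparison key: attribute type and value compared case-insensitively (assumed)."""
    attr, _, val = rdn.partition("=")
    return attr.strip().lower(), val.lower()

def relative_to(rdns, base):
    """Return the RDNs below `base`, or None when the DN is not inside that subtree."""
    b = split_dn(base)
    cut = len(rdns) - len(b)
    if cut < 0 or [norm(r) for r in rdns[cut:]] != [norm(r) for r in b]:
        return None
    return rdns[:cut]

def to_backend(dn):
    """Translate a search base for the backend; accept exposed or backend DNs."""
    rdns = split_dn(dn)
    rel = relative_to(rdns, EXPOSED_BASE)
    if rel is not None:
        mapped = []
        for r in rel:
            attr, _, val = r.partition("=")
            attr = attr.strip()
            mapped.append(f"{RDN_ATTR.get(attr.lower(), attr)}={val}")
        return ",".join(mapped + split_dn(BACKEND_BASE))
    if relative_to(rdns, BACKEND_BASE) is not None:
        return ",".join(rdns)         # DN copied from an earlier result: pass through
    raise ValueError("DN is outside both the exposed and the backend subtree")
```

Comparing parsed RDNs instead of string suffixes keeps a value that contains an escaped comma from being mistaken for the subtree boundary, and a DN outside both subtrees is rejected instead of being forwarded.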