[jira] [Work logged] (KNOX-3330) Improve LDAP Proxy configurability for multiple LDAP backends

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-3330?focusedWorklogId=1022244&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1022244
 ]

ASF GitHub Bot logged work on KNOX-3330:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 26/May/26 17:30
            Start Date: 26/May/26 17:30
    Worklog Time Spent: 10m 
      Work Description: handavid opened a new pull request, #1240:
URL: https://github.com/apache/knox/pull/1240

   [KNOX-3330](https://issues.apache.org/jira/browse/KNOX-3330) - Refactor Knox 
LDAP Proxy configuration and implementation to allow multiple backends to be 
simultaneously configured
   
   ## What changes were proposed in this pull request?
   
   Gateway server configurations are updated to use 
'gateway.ldap.interceptor.*' instead of 'gateway.ldap.backend.*' to allow 
specifying multiple types of interceptors as well as multiple backends to the 
LDAP proxy.
   
   BackendFactory has been modified to use the java ServiceLoader to load a 
factory for a backend class instead of a backend instance directly. This allows 
multiple backends of the same class to be configured. InterceptorFactory has 
been implemented following the same pattern.
   
   GroupLookupInterceptor is renamed to UserSearchInterceptor to more 
accurately describe what it does. Multiple UserSearchInterceptors can be 
configured with each forwarding the search to its backend and appending the 
results.
   
   A DuplicateUserFilteringInterceptor has been implemented that will filter 
out search Entries with the same UID that are returned from different backends.
   
   ## How was this patch tested?
   
   Unit tests were updated.
   - KnoxLDAPServerManagerTest.java modified to configure interceptors instead 
of backends
   - KnoxLDAPServerManagerTest.java modified to configure multiple backends 
simultaneously
   
   Changes were manually tested against the test ldap server and an AD that I 
have access to.  
   The following configuration was added to the gateway-site.xml
   
   ```
       <!

Issue Time Tracking
-------------------

            Worklog Id:     (was: 1022244)
    Remaining Estimate: 0h
            Time Spent: 10m

> Improve LDAP Proxy configurability for multiple LDAP backends
> -------------------------------------------------------------
>
>                 Key: KNOX-3330
>                 URL: https://issues.apache.org/jira/browse/KNOX-3330
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: David Han
>            Assignee: David Han
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The Knox ldap proxy uses an interceptor to proxy search requests to a 
> configured backend. This configuration is somewhat limiting in how the proxy 
> can transform search results. Refactor to configure on the interceptor level 
> instead of the backend level so that new types of interceptors can be easily 
> added and multiple backends can be included.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)