handavid opened a new pull request, #1258: URL: https://github.com/apache/knox/pull/1258
[KNOX-3340](https://issues.apache.org/jira/browse/KNOX-3340) - Add Control to LDAPRolesLookupInterceptor ## What changes were proposed in this pull request? This commit adds a RolesLookupBypassControl for use with the LDAPRolesLookupInterceptor. The LDAPRolesLookupInterceptor will skip role mapping if this control is present and true in the request. This lets the client decide whether they will receive users' groups or roles. ## How was this patch tested? Unit tests were added to cover the new code. Manual testing was performed. The LDAP Proxy was configured with the RolesLookup interceptor and the following `ldapsearch` commands were run. ``` # add control by OID with value "true" ldapsearch -v -x -H ldap://localhost:3890 -b 'ou=people,DC=proxy,DC=com' -e "1.3.6.1.4.1.18060.2.1379319520.35362.17433.40846.265936912329953=AQP/" '(uid=sam*)' '*' # add control by OID with value "false" ldapsearch -v -x -H ldap://localhost:3890 -b 'ou=people,DC=proxy,DC=com' -e "1.3.6.1.4.1.18060.2.1379319520.35362.17433.40846.265936912329953=AQMA" '(uid=sam*)' '*' # don't add control ldapsearch -v -x -H ldap://localhost:3890 -b 'ou=people,DC=proxy,DC=com' '(uid=sam*)' '*' ``` ## Integration Tests no integration tests added ## UI changes no UI changes -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
