[ 
https://issues.apache.org/jira/browse/KNOX-3340?focusedWorklogId=1024767&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1024767
 ]

ASF GitHub Bot logged work on KNOX-3340:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 11/Jun/26 20:39
            Start Date: 11/Jun/26 20:39
    Worklog Time Spent: 10m 
      Work Description: handavid commented on code in PR #1258:
URL: https://github.com/apache/knox/pull/1258#discussion_r3398971814


##########
gateway-server/src/main/java/org/apache/knox/gateway/services/ldap/control/RolesLookupBypassControl.java:
##########
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.services.ldap.control;
+
+import org.apache.directory.api.ldap.model.message.Control;
+
+public interface RolesLookupBypassControl extends Control {
+    // OID created from a UUID to ensure no collisions:
+    // Apache Root OID for core object classes 1.3.6.1.4.1.18060.2
+    // UUID "5236bee0-8a22-4419-9f8e-f1de43312ce1"
+    String OID = 
"1.3.6.1.4.1.18060.2.1379319520.35362.17433.40846.265936912329953";
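
Review bot: The `OID` constant on the last line of this hunk publishes a hard-coded, unregistered identifier as part of a public interface, and the interface carries no Javadoc describing what the control does. Deriving the trailing arcs from a UUID avoids accidental collisions, but it does not make the value an assigned OID under the 1.3.6.1.4.1.18060.2 arc named in the comment, and once it ships as a constant clients will start depending on it. Consider sourcing the value from configuration or from an officially assigned arc (ITU-T X.667 also defines UUID-based OIDs under 2.25 that need no registration), and document on the interface what "roles lookup bypass" means and what value and criticality the control is expected to carry.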

Review Comment:
   Thanks! In the meantime, I've moved the OID out of code and into 
configuration. That way we don't publish any unofficial OIDs. The configuration 
is optional, but the RolesLookupBypassControl will not be registered if it is 
not supplied. Anyone who wants to use the bypass control before we get an 
official OID will need to configure one of their own.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 1024767)
    Time Spent: 1h 40m  (was: 1.5h)

> Enable KnoxLdapService Role Lookup to return either Roles or Groups
> -------------------------------------------------------------------
>
>                 Key: KNOX-3340
>                 URL: https://issues.apache.org/jira/browse/KNOX-3340
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: David Han
>            Assignee: David Han
>            Priority: Major
>             Fix For: 3.0.0
>
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> The KnoxLdapService, when configured with role lookup, will replace all groups 
> in the resulting entries with roles. This Jira provides a mechanism for 
> clients to request the underlying groups instead of the roles. E.g., groups 
> would be needed for some service to admin/manage the mapping between groups 
> and roles.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
