github-actions[bot] commented on code in PR #61440:
URL: https://github.com/apache/doris/pull/61440#discussion_r3086289069
##########
fe/fe-common/src/main/java/org/apache/doris/common/LdapConfig.java:
##########
@@ -204,4 +204,10 @@ public class LdapConfig extends ConfigBase {
public static String getConnectionURL(String hostPortInAccessibleFormat) {
return ((LdapConfig.ldap_use_ssl ? "ldaps" : "ldap") + "://" +
hostPortInAccessibleFormat);
}
+
+ /**
+ * Flag to enable login with empty pass.
+ */
+ @ConfigBase.ConfField(mutable = true)
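Review bot: the Javadoc on the new field ("Flag to enable login with empty pass.") does not state the default value or what enabling it means for authentication. For a switch that relaxes a password check, please write "password" in full, document the default, and say when an operator would legitimately turn it on. Also consider whether `mutable = true` on the annotation is needed, since it allows this setting to be changed on a running FE rather than only through the config file.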
Review Comment:
is exposed as a mutable FE config here, but Doris does not reload persisted
LDAP config from on startup. only reads , while persists mutable configs
through into .

That means an operator can persist , restart FE, and
silently fall back to the default value again. For a security-sensitive
switch, that is a correctness bug. Please either remove or add a real custom
LDAP config load/persist path.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.