[ https://issues.apache.org/jira/browse/KNOX-548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14592370#comment-14592370 ]
Larry McCay commented on KNOX-548:
----------------------------------
This command name question actually stirs up concerns that I have in the back
of my mind....
1. The easy comment - I would simplify the name to something like "ldap-bind" -
essentially this facility should be as straightforward to anyone familiar with
ldapsearch to do similar tests as possible.
2. Now the muck that you have stirred up.... this is a Shiro provider specific
command - it can't be used with any topology that is using header based SSO,
etc.
3. Should the command name be shiro-bind?
4. What happens when you try this with a non-Shiro provider topology?
5. Should we make provisions for other provider tests at the CLI? I think not
actually - but it is just odd from a Knox CLI perspective to have a Shiro
specific command.
6. Do we equate LDAP support in Knox with Shiro or is it just another provider
that could be replaced with another LDAP provider? If we can say yes we equate LDAP
with Shiro - then a command name like "knoxcli.sh ldapsearch -t topologyname
-g" makes a lot of sense and is rather intuitive to anyone that would be
debugging LDAP config. If we can't say that LDAP == Shiro then maybe
"shirosearch" - the connection is less clear there.
Anyway, sorry to expose you to the muck of my mind but you asked for it.
Bottom line: I think we should call it "ldapsearch"; we may need to ensure that
we can use it with other providers given a topology with some alternative -
meaning some sort of pluggable bind with a Shiro impl to start.
> LDAP Bind in Knox CLI
> ---------------------
>
> Key: KNOX-548
> URL: https://issues.apache.org/jira/browse/KNOX-548
> Project: Apache Knox
> Issue Type: New Feature
> Components: KnoxCLI
> Reporter: Zachary Blanco
> Priority: Minor
> Attachments: KNOX-548-1.patch, KNOX-548-docs.patch
>
>
> LDAP bind issues are a common user issue at initial setup. Could a feature be
> added to knoxcli.sh to allow a user to test Knox’s bind to the LDAP server
> specified in a given topology?
> For example,
> ./knoxcli.sh validate-ldap-bind <topology name>
> <topology name> is the topology file name in /etc/knox/conf/topologies to use
> for the test. This argument would be required and ensures the test is against
> a running configuration. Executing without this argument could return the
> list of available topology files.
> Executing “./knoxcli.sh validate-ldap-bind <topology name>” will use the LDAP
> settings from the specified topology file in /etc/knox/conf/topologies to
> test the configuration’s ability to successfully bind to the LDAP server.
> Returning success or failure.