lmccay opened a new pull request, #1144: URL: https://github.com/apache/knox/pull/1144
[KNOX-1234](url) - KNOX-3247 - Knox LDAP Server with Pluggable Backend

## What changes were proposed in this pull request?

By exposing an LDAP interface from Knox, we can provide a rich set of backend implementations that can:

- Provide easy demo and test environments with a file based backend
- Provide enterprise integrations by proxying actual LDAP backends
- Provide novel implementations based on the KNOX-AUTH-SERVICE in other topologies
- All while simplifying the configuration of consumers by normalizing the exposed schema - resulting in the same LDAP config for all deployments rather than chasing the deployment specific details across the platform.
- Knox can be the central LDAP Server for the platform while integrating with all of the possible combinations that we already support.

The LDAP Server proxy feature normalizes the consumer facing schema and returns the proxied schema results. This is a standard/common LDAP Proxy pattern. It also needs to be able to reverse the mapping for queries that come from a result that includes the backend schema such as the DN. So, consumers can use both the internal and external DNs for searches.

This PR adds a new GatewayService called KnoxLDAPServer that uses ServiceLoader to provide an SPI for backend implementations. It includes a file based backend for testing and an LDAP backend to proxy access to other external LDAP servers.

## How was this patch tested?

New unit tests have been added for those things that can be mocked and tested. We will need to add additional integration tests with an actual backend deployed.

Manually tested both the file based and LDAP Server based backends. Used the existing Demo LDAP Server as the proxied LDAP Server.

## Integration Tests

(Please add or update integration tests [`.github/workflows/tests`](.github/workflows/tests) for the feature you are adding. If no unit test is added, please explain why.
Check out [`.github/workflows/tests/README.md`](./workflows/tests/README.md) for instructions)
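
The DN mapping described in the pull request (consumers may search with either the external DN or a backend DN taken from an earlier result) can be sketched as follows. This is an added example, not code from the pull request or from Knox: the `DnMapper` class, its method name, the base DNs and the decision to reject DNs outside both bases are all assumptions made for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Hypothetical helper, not Knox code: maps DNs from the normalized schema
// exposed to consumers onto the schema of the proxied backend.
public class DnMapper {
    private final LdapName externalBase; // consumer-facing base DN
    private final LdapName backendBase;  // base DN of the proxied directory

    public DnMapper(String externalBase, String backendBase) throws InvalidNameException {
        this.externalBase = new LdapName(externalBase);
        this.backendBase = new LdapName(backendBase);
    }

    // Accepts either form: a consumer may send the external DN, or a backend
    // DN it received in an earlier search result. Anything else is rejected
    // (an assumption of this sketch) so a request cannot leave the proxied subtree.
    public String toBackend(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn); // parses RDNs, handles escaping
        if (name.startsWith(backendBase)) {
            return name.toString();
        }
        if (!name.startsWith(externalBase)) {
            throw new InvalidNameException("DN outside exposed base: " + dn);
        }
        // Keep the leaf RDNs, swap the base. Comparison is per RDN and
        // case-insensitive, so "DC=Knox" matches "dc=knox".
        LdapName mapped = (LdapName) backendBase.clone();
        mapped.addAll(name.getSuffix(externalBase.size()));
        return mapped.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample values, not taken from the pull request.
        DnMapper m = new DnMapper("dc=knox,dc=example", "ou=corp,dc=backend,dc=example");
        System.out.println(m.toBackend("uid=alice,ou=people,DC=Knox,dc=example"));
        System.out.println(m.toBackend("uid=alice,ou=people,ou=corp,dc=backend,dc=example"));
        try {
            m.toBackend("uid=alice,ou=people,dc=other,dc=example");
        } catch (InvalidNameException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Matching on parsed RDNs rather than on raw string suffixes avoids false matches such as `dc=notknox,dc=example` and handles escaped commas inside attribute values.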
