[ 
https://issues.apache.org/jira/browse/KNOX-3277?focusedWorklogId=1010128&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1010128
 ]

ASF GitHub Bot logged work on KNOX-3277:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/Mar/26 16:47
            Start Date: 18/Mar/26 16:47
    Worklog Time Spent: 10m 
      Work Description: handavid commented on code in PR #1177:
URL: https://github.com/apache/knox/pull/1177#discussion_r2954835031


##########
gateway-server/src/main/java/org/apache/knox/gateway/services/ldap/backend/LdapProxyBackend.java:
##########
@@ -63,6 +64,14 @@ public class LdapProxyBackend implements LdapBackend {
     private String groupMemberAttribute = "memberUid"; // member for AD, 
memberUid for POSIX
     private boolean useMemberOf; // Use memberOf attribute for group lookup 
(efficient for AD)
 
+    private List<String> proxyEntityAttributeTypes = List.of(
+            // "uid" will always be filled
+            "cn",
+            "dn",
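
Review bot: The added `proxyEntityAttributeTypes` field is declared as a plain `private List<String>`, so the reference can be reassigned even though `List.of(...)` makes the value immutable. Because this list decides which backend attributes are copied into entries returned by the proxy, declare it `private final` (or `private static final`) and add a one-line comment stating that only the listed attributes are exposed to LDAP clients. Any later addition is then visibly a change to what the proxy discloses. Also check the `"dn"` item: in LDAP the DN is normally the name of the entry rather than an attribute stored on it, so confirm that looking it up by attribute name copies anything.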

Review Comment:
   There are two schemas in play. The `ldap-proxy-backend-test.ldif` schema is 
for the backend LDAP server (i.e., the real server). The 
`proxyEntityAttributeTypes` are those entities that will be copied and returned 
by the proxy LDAP server. These two lists do not need to match exactly.
   
   In this PR, the list is factored up from the `createProxyEntry` method for 
easier inspection and future modification. This is not a change from the 
existing behavior of the LDAP proxy. We'll probably extend this list or pull it 
out to configuration in the future to allow users to define schema for proxy 
entities.
   
   I just noticed the name mismatch between `Entity` and `Entry`. I'll fix the 
name of this list to `proxyEntryAttributeTypes`.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 1010128)
    Time Spent: 40m  (was: 0.5h)

> Improve LDAP pluggable backend to work with AD
> ----------------------------------------------
>
>                 Key: KNOX-3277
>                 URL: https://issues.apache.org/jira/browse/KNOX-3277
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: David Han
>            Assignee: David Han
>            Priority: Major
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Knox exposed an LDAP interface in KNOX-3247.
> The code needs to be tested against and improved to work with AD.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
