[
https://issues.apache.org/jira/browse/KNOX-3330?focusedWorklogId=1023565&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1023565
]
ASF GitHub Bot logged work on KNOX-3330:
----------------------------------------
Author: ASF GitHub Bot
Created on: 03/Jun/26 20:35
Start Date: 03/Jun/26 20:35
Worklog Time Spent: 10m
Work Description: handavid commented on code in PR #1240:
URL: https://github.com/apache/knox/pull/1240#discussion_r3351729908
##########
gateway-server/src/main/java/org/apache/knox/gateway/services/ldap/interceptor/UserSearchInterceptor.java:
##########
@@ -98,47 +107,55 @@ public EntryFilteringCursor search(SearchOperationContext
ctx) throws LdapExcept
}
originalResults.close();
} catch (Exception e) {
- // If we get an error or no results, try the backend
+ // If we get an error or no results, try the backends
}
- // If no local results, try backend
- if (entries.isEmpty() && username != null) {
+ if (username != null) {
try {
- SchemaManager schemaManager =
directoryService.getSchemaManager();
-
if (username.contains("*")) {
// Wildcard search - use searchUsers
LOG.ldapSearch(baseDn, "wildcard user search: " +
username);
- List<Entry> backendEntries =
backend.searchUsers(username, schemaManager);
-
// Return backend results directly without caching to
avoid deadlock
// (caching during an active search can cause ApacheDS
locking issues)
- entries.addAll(backendEntries);
+ entries.addAll(searchUsers(username));
} else {
- // Specific user lookup
- LOG.ldapUserLoaded(username);
- Entry backendEntry = backend.getUser(username,
schemaManager);
-
- if (backendEntry != null) {
- // Return backend result directly without caching
- entries.add(backendEntry);
- LOG.ldapUserEntry(backendEntry.toString());
- } else {
- LOG.ldapUserNull(username);
+ // if no results, perform single-user search
+ if (entries.isEmpty()) {
+ // Specific user lookup
+ LOG.ldapUserLoaded(username);
+ Entry backendEntry = getUser(username);
+
+ if (backendEntry != null) {
+ // Return backend result directly without
caching
+ entries.add(backendEntry);
+ LOG.ldapUserEntry(backendEntry.toString());
+ } else {
+ LOG.ldapUserNull(username);
+ }
}
}
} catch (Exception e) {
- LOG.ldapServiceStopFailed(e);
+ LOG.ldapSearchFailed(baseDn, filter, e);
}
}
// Return cursor with our results - use a simple approach
- return new EntryFilteringCursorImpl(new ListCursor<>(entries),
ctx, directoryService.getSchemaManager());
+ return new EntryFilteringCursorImpl(new ListCursor<>(entries),
ctx, schemaManager);
}
return originalResults;
}
+ private List<Entry> searchUsers(String userSearchString) throws Exception {
+ List<Entry> entries = new ArrayList<>();
+ entries.addAll(backend.searchUsers(userSearchString, schemaManager));
+ return entries;
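Review bot: the wildcard branch now calls entries.addAll(searchUsers(username)) even when the local search has already filled entries, because the entries.isEmpty() guard was moved into the else branch only. A user present both locally and in a backend will be returned to the client twice, so de-duplicate by DN before building the ListCursor, or add a comment saying that overlapping results are intended. The first catch (Exception e) block still has no body apart from its comment, so a failed local search is dropped without a trace; log it the way the second catch does with LOG.ldapSearchFailed(baseDn, filter, e). The new searchUsers helper only copies the backend list into a fresh ArrayList, so the call site can use backend.searchUsers(username, schemaManager) directly.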
Review Comment:
Removed. This was a result of refactoring some intermediate changes.
Issue Time Tracking
-------------------
Worklog Id: (was: 1023565)
Time Spent: 1h 20m (was: 1h 10m)
> Improve LDAP Proxy configurability for multiple LDAP backends
> -------------------------------------------------------------
>
> Key: KNOX-3330
> URL: https://issues.apache.org/jira/browse/KNOX-3330
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: David Han
> Assignee: David Han
> Priority: Major
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> The Knox ldap proxy uses an interceptor to proxy search requests to a
> configured backend. This configuration is somewhat limiting in how the proxy
> can transform search results. Refactor to configure on the interceptor level
> instead of the backend level so that new types of interceptors can be easily
> added and multiple backends can be included.
>