[jira] [Work logged] (KNOX-3330) Improve LDAP Proxy configurability for multiple LDAP backends

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-3330?focusedWorklogId=1023600&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1023600
 ]

ASF GitHub Bot logged work on KNOX-3330:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 04/Jun/26 04:27
            Start Date: 04/Jun/26 04:27
    Worklog Time Spent: 10m 
      Work Description: handavid commented on code in PR #1240:
URL: https://github.com/apache/knox/pull/1240#discussion_r3353459349


##########
gateway-server/src/main/java/org/apache/knox/gateway/services/ldap/KnoxLDAPServerManager.java:
##########
@@ -174,11 +183,30 @@ private void addGroupLookupInterceptor() {
             }
         }
 
-        final GroupLookupInterceptor interceptor = new 
GroupLookupInterceptor(directoryService, backend);
-        if (authIdx != -1) {
-            interceptors.add(authIdx, interceptor);
-        } else {
-            interceptors.add(interceptor);
+        // Add our configured interceptors
+        SchemaManager schemaManager = directoryService.getSchemaManager();
+        for (Interceptor interceptor : interceptors) {
+            if (interceptor instanceof UserSearchInterceptor) {
+                // Create partition for remote base DN if different from proxy 
base DN
+                // This allows backend entries with remote DNs to be returned 
in search results
+                LdapBackend backend = ((UserSearchInterceptor) 
interceptor).getBackend();
+                String remoteBaseDn = backend.getBaseDn();
+                if (!baseDns.contains(remoteBaseDn)) {
+                    //create partition
+                    String id = backend.getName().replaceAll("\\s+", "");
+                    JdbmPartition remotePartition = new 
JdbmPartition(schemaManager, directoryService.getDnFactory());
+                    remotePartition.setId(id);
+                    remotePartition.setSuffixDn(new Dn(schemaManager, 
remoteBaseDn));
+                    remotePartition.setPartitionPath(new File(workDir, 
id).toURI());
+                    directoryService.addPartition(remotePartition);
+                    baseDns.add(remoteBaseDn);
+                }

Review Comment:
   done. I pulled this out to get the values from the configs rather than the 
Interceptors.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 1023600)
    Time Spent: 2h 10m  (was: 2h)

> Improve LDAP Proxy configurability for multiple LDAP backends
> -------------------------------------------------------------
>
>                 Key: KNOX-3330
>                 URL: https://issues.apache.org/jira/browse/KNOX-3330
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: David Han
>            Assignee: David Han
>            Priority: Major
>          Time Spent: 2h 10m
>  Remaining Estimate: 0h
>
> The Knox ldap proxy uses an interceptor to proxy search requests to a 
> configured backend. This configuration is somewhat limiting in how the proxy 
> can transform search results. Refactor to configure on the interceptor level 
> instead of the backend level so that new types of interceptors can be easily 
> added and multiple backends can be included.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)