Sandor Molnar created KNOX-3358:
-----------------------------------
Summary: Support configurable bind credentials for the embedded
Knox LDAP service
Key: KNOX-3358
URL: https://issues.apache.org/jira/browse/KNOX-3358
Project: Apache Knox
Issue Type: Improvement
Reporter: Sandor Molnar
Assignee: Sandor Molnar

The embedded LDAP service provided by the Knox Gateway currently permits
anonymous access. Any client that can reach the service port is able to perform
binds and searches without supplying any credentials, which is not appropriate
for environments where the directory interface should be restricted to
authenticated callers.

This improvement introduces optional, operator-configurable bind credentials
for the embedded LDAP service:
* {{gateway.ldap.bind.user}} - the bind DN clients must authenticate as
* {{gateway.ldap.bind.password}} - the password for that bind DN

When both properties are configured, anonymous access to the embedded LDAP
service is disabled and clients are required to authenticate with the
configured credentials in order to perform LDAP operations. When the properties
are left unset, the service continues to allow anonymous access as before, so
existing deployments are unaffected.

This gives administrators a simple way to control access to the embedded LDAP
service without changing how internal lookups (backend proxying, group and
roles resolution) are performed.
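
An added example, not part of the issue or of Knox's own code: a small audit check that classifies a gateway configuration by the rule described above (both properties set means anonymous access is disabled, neither set means it stays open). It assumes the two properties live in a Hadoop-style {{<configuration>}} XML file such as gateway-site.xml; the sample configs, the DN and the treatment of blank values as unset are constructed assumptions.

```python
import xml.etree.ElementTree as ET

USER_KEY = "gateway.ldap.bind.user"      # property names taken from the issue
PASS_KEY = "gateway.ldap.bind.password"

# Constructed sample configs (assumed Hadoop-style <configuration> layout).
ANONYMOUS = "<configuration></configuration>"
AUTHENTICATED = """<configuration>
  <property><name>gateway.ldap.bind.user</name><value>uid=svc,ou=people,dc=example,dc=org</value></property>
  <property><name>gateway.ldap.bind.password</name><value>constructed-placeholder</value></property>
</configuration>"""
HALF_SET = """<configuration>
  <property><name>gateway.ldap.bind.user</name><value>uid=svc,ou=people,dc=example,dc=org</value></property>
  <property><name>gateway.ldap.bind.password</name><value>  </value></property>
</configuration>"""


def read_properties(xml_text):
    """Return {name: stripped value} for every <property> element."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def ldap_access_mode(xml_text):
    """Classify embedded-LDAP access per the rule stated in the issue.

    'authenticated' - both properties set: anonymous access is disabled
    'anonymous'     - neither set: legacy behaviour, no credentials required
    'incomplete'    - only one set (blank counts as unset, an assumption here);
                      the issue does not define this case, so flag it for
                      review rather than assuming the service is protected
    """
    props = read_properties(xml_text)
    have_user = bool(props.get(USER_KEY))
    have_pass = bool(props.get(PASS_KEY))
    if have_user and have_pass:
        return "authenticated"
    if not have_user and not have_pass:
        return "anonymous"
    return "incomplete"


if __name__ == "__main__":
    for label, cfg in (("empty", ANONYMOUS), ("both", AUTHENTICATED), ("half", HALF_SET)):
        print(label, "->", ldap_access_mode(cfg))
```
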