[
https://issues.apache.org/jira/browse/KNOX-3358?focusedWorklogId=1026315&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1026315
]
ASF GitHub Bot logged work on KNOX-3358:
----------------------------------------
Author: ASF GitHub Bot
Created on: 22/Jun/26 21:50
Start Date: 22/Jun/26 21:50
Worklog Time Spent: 10m
Work Description: github-actions[bot] commented on PR #1275:
URL: https://github.com/apache/knox/pull/1275#issuecomment-4773395516
## Test Results
28 tests 28 ✅ 2s ⏱️
1 suites 0 💤
1 files 0 ❌
Results for commit 2b0e6f2e.
Issue Time Tracking
-------------------
Worklog Id: (was: 1026315)
Time Spent: 20m (was: 10m)
> Support configurable bind credentials for the embedded Knox LDAP service
> ------------------------------------------------------------------------
>
> Key: KNOX-3358
> URL: https://issues.apache.org/jira/browse/KNOX-3358
> Project: Apache Knox
> Issue Type: Improvement
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The embedded LDAP service provided by the Knox Gateway currently permits
> anonymous access. Any client that can reach the service port is able to
> perform binds and searches without supplying any credentials, which is not
> appropriate for environments where the directory interface should be
> restricted to authenticated callers.
> This improvement introduces optional, operator-configurable bind credentials
> for the embedded LDAP service:
> * {{gateway.ldap.bind.user}} - the bind DN clients must authenticate as
> * {{gateway.ldap.bind.password}} - the password for that bind DN
> When both properties are configured, anonymous access to the embedded LDAP
> service is disabled and clients are required to authenticate with the
> configured credentials in order to perform LDAP operations. When the
> properties are left unset, the service continues to allow anonymous access as
> before, so existing deployments are unaffected.
> This gives administrators a simple way to control access to the embedded LDAP
> service without changing how internal lookups (backend proxying, group and
> roles resolution) are performed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
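
An added example (not code from the Knox project or from PR #1275): a Python audit that reports whether a configuration leaves the embedded LDAP service open to anonymous access, based on the two properties named in the issue. It assumes the properties live in a Hadoop-style `<configuration>` XML document; the sample documents, the DN and the helper names are constructed. The issue does not say what happens when only one property is set, so that case is reported separately.

```python
import xml.etree.ElementTree as ET

BIND_USER = "gateway.ldap.bind.user"          # property name from KNOX-3358
BIND_PASSWORD = "gateway.ldap.bind.password"  # property name from KNOX-3358


def read_properties(xml_text):
    """Return {name: value} from a <configuration><property>... document (assumed layout)."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            # In this sketch a later duplicate overrides an earlier one.
            props[name] = (prop.findtext("value") or "").strip()
    return props


def audit_bind_settings(xml_text):
    """Classify the bind configuration; the password value is never echoed."""
    props = read_properties(xml_text)
    has_user = bool(props.get(BIND_USER))          # empty value counts as unset
    has_password = bool(props.get(BIND_PASSWORD))
    if has_user and has_password:
        return "authenticated", f"clients must bind as {props[BIND_USER]}"
    if not has_user and not has_password:
        return "anonymous", "no bind credentials set; anonymous binds and searches are allowed"
    missing = BIND_PASSWORD if has_user else BIND_USER
    return "incomplete", f"{missing} is not set; enforcement is only described when both are set"


def sample(pairs):
    """Build a constructed configuration document from (name, value) pairs."""
    body = "".join(f"<property><name>{n}</name><value>{v}</value></property>" for n, v in pairs)
    return f"<configuration>{body}</configuration>"


SAMPLE_DN = "uid=ldap-bind,ou=people,dc=example,dc=org"  # constructed value
SAMPLES = {
    "both": sample([(BIND_USER, SAMPLE_DN), (BIND_PASSWORD, "example-only")]),
    "neither": sample([("example.unrelated.setting", "1")]),
    "user-only": sample([(BIND_USER, SAMPLE_DN)]),
    "empty-password": sample([(BIND_USER, SAMPLE_DN), (BIND_PASSWORD, "")]),
}

if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        state, message = audit_bind_settings(doc)
        print(f"{label:15} {state:13} {message}")
```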