smolnar82 commented on PR #1275:
URL: https://github.com/apache/knox/pull/1275#issuecomment-4773417037
Manual testing results:
gateway-site.xml changes:
```
<property>
  <name>gateway.ldap.bind.user</name>
  <value>uid=knox,ou=people,dc=hadoop,dc=apache,dc=org</value>
</property>
```
Saved the bind password:
```
$ bin/knoxcli.sh create-alias gateway.ldap.bind.password --value knoxsecret
gateway.ldap.bind.password has been successfully created.
```
Restarted Knox.
Logs:
```
2026-06-22 23:50:17,073 INFO services.ldap (KnoxLDAPServerManager.java:start(205)) - Anonymous access disabled; clients must bind as: uid=knox,ou=people,dc=hadoop,dc=apache,dc=org
```
Anonymous access denied:
```
$ ldapsearch -x -H ldap://localhost:33390 -b "" "(uid=admin)" cn
ldap_bind: Invalid credentials (49)
additional info: INVALID_CREDENTIALS: Bind failed: org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: ERR_229 Cannot authenticate user
```
Wrong password:
```
$ ldapsearch -x -H ldap://localhost:33390 -D "uid=knox,ou=people,dc=hadoop,dc=apache,dc=org" -w wrongPassword -b "" "(uid=admin)" cn mail memberOf
ldap_bind: Invalid credentials (49)
additional info: INVALID_CREDENTIALS: Bind failed: org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: ERR_229 Cannot authenticate user uid=knox,ou=people,dc=hadoop,dc=apache,dc=org
```
Happy path:
```
$ ldapsearch -x -H ldap://localhost:33390 -D "uid=knox,ou=people,dc=hadoop,dc=apache,dc=org" -w knoxsecret -b "" "(uid=admin)" cn mail memberOf
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (uid=admin)
# requesting: cn mail memberOf
#
# admin, people, hadoop.apache.org
dn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
mail: [email protected]
cn: System Administrator
memberOf: cn=admin,ou=groups,dc=hadoop,dc=apache,dc=org
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
```
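Added example, not part of the original comment or of Knox: a POSIX shell check that repeats the three binds tested above and compares exit codes, so the bind policy can be re-verified after a restart or config change. It assumes OpenLDAP's `ldapsearch`, which exits with the LDAP result code (49 for invalid credentials); the function names are hypothetical and the wrong password is constructed.

```shell
#!/bin/sh
# Added example, not Knox code. Function names are hypothetical.
# Assumes OpenLDAP's ldapsearch, whose exit status is the LDAP result code:
# 0 = success, 49 = invalidCredentials.

# bind_rc URI [BIND_DN PASSWORD]
# Runs the search from the comment above and prints ldapsearch's exit status.
# With no BIND_DN the bind is anonymous. -w is used as in the comment; note
# that it exposes the password in the process list while the command runs.
bind_rc() {
    uri=$1; shift
    rc=0
    if [ "$#" -ge 2 ]; then
        ldapsearch -x -H "$uri" -D "$1" -w "$2" -b "" "(uid=admin)" cn \
            >/dev/null 2>&1 || rc=$?
    else
        ldapsearch -x -H "$uri" -b "" "(uid=admin)" cn >/dev/null 2>&1 || rc=$?
    fi
    echo "$rc"
}

# verify_bind_policy URI BIND_DN PASSWORD
# Returns 0 only if the anonymous and wrong-password binds are rejected with 49
# and the configured bind user succeeds. Any other code (for example a
# connection failure) counts as a failure, not as "access denied".
verify_bind_policy() {
    uri=$1 dn=$2 pw=$3 failed=0
    anon=$(bind_rc "$uri")
    wrong=$(bind_rc "$uri" "$dn" "${pw}-wrong")   # constructed wrong password
    good=$(bind_rc "$uri" "$dn" "$pw")
    [ "$anon" -eq 49 ]  || { echo "FAIL anonymous bind: rc=$anon, want 49"; failed=1; }
    [ "$wrong" -eq 49 ] || { echo "FAIL wrong password: rc=$wrong, want 49"; failed=1; }
    [ "$good" -eq 0 ]   || { echo "FAIL bind user: rc=$good, want 0"; failed=1; }
    [ "$failed" -eq 0 ] && echo "OK bind policy enforced on $uri"
    return "$failed"
}
```

Call it as `verify_bind_policy ldap://localhost:33390 "uid=knox,ou=people,dc=hadoop,dc=apache,dc=org" "$BIND_PW"`, where `BIND_PW` is a hypothetical variable holding the alias value.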