smolnar82 commented on PR #1275:
URL: https://github.com/apache/knox/pull/1275#issuecomment-4773417037

   Manual testing results:
   
   gateway-site.xml changes:
   ```
       <property>
           <name>gateway.ldap.bind.user</name>
           <value>uid=knox,ou=people,dc=hadoop,dc=apache,dc=org</value>
       </property>
   ```
   
   Saved the bind password:
   ```
   $ bin/knoxcli.sh create-alias gateway.ldap.bind.password --value knoxsecret
   gateway.ldap.bind.password has been successfully created.
   ```
   
   Restarted Knox.
   
   Logs:
   ```
   2026-06-22 23:50:17,073  INFO  services.ldap (KnoxLDAPServerManager.java:start(205)) - Anonymous access disabled; clients must bind as: uid=knox,ou=people,dc=hadoop,dc=apache,dc=org
   ```
   
   Anonymous access denied:
   ```
   $ ldapsearch -x -H ldap://localhost:33390 -b "" "(uid=admin)" cn
   ldap_bind: Invalid credentials (49)
        additional info: INVALID_CREDENTIALS: Bind failed: org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: ERR_229 Cannot authenticate user
   ```
   
   Wrong password:
   ```
   $ ldapsearch -x -H ldap://localhost:33390 -D "uid=knox,ou=people,dc=hadoop,dc=apache,dc=org" -w wrongPassword -b "" "(uid=admin)" cn mail memberOf
   ldap_bind: Invalid credentials (49)
        additional info: INVALID_CREDENTIALS: Bind failed: org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: ERR_229 Cannot authenticate user uid=knox,ou=people,dc=hadoop,dc=apache,dc=org
   ```
   
   Happy path:
   ```
   $ ldapsearch -x -H ldap://localhost:33390 -D "uid=knox,ou=people,dc=hadoop,dc=apache,dc=org" -w knoxsecret -b "" "(uid=admin)" cn mail memberOf
   # extended LDIF
   #
   # LDAPv3
   # base <> with scope subtree
   # filter: (uid=admin)
   # requesting: cn mail memberOf 
   #
   
   # admin, people, hadoop.apache.org
   dn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
   mail: [email protected]
   cn: System Administrator
   memberOf: cn=admin,ou=groups,dc=hadoop,dc=apache,dc=org
   
   # search result
   search: 2
   result: 0 Success
   
   # numResponses: 2
   # numEntries: 1
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
