[
https://issues.apache.org/jira/browse/KNOX-3358?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sandor Molnar updated KNOX-3358:
--------------------------------
Status: Patch Available (was: In Progress)
> Support configurable bind credentials for the embedded Knox LDAP service
> ------------------------------------------------------------------------
>
> Key: KNOX-3358
> URL: https://issues.apache.org/jira/browse/KNOX-3358
> Project: Apache Knox
> Issue Type: Improvement
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> The embedded LDAP service provided by the Knox Gateway currently permits
> anonymous access. Any client that can reach the service port is able to
> perform binds and searches without supplying any credentials, which is not
> appropriate for environments where the directory interface should be
> restricted to authenticated callers.
> This improvement introduces optional, operator-configurable bind credentials
> for the embedded LDAP service:
> * {{gateway.ldap.bind.user}} - the bind DN clients must authenticate as
> * {{gateway.ldap.bind.password }}- the password for that bind DN
> When both properties are configured, anonymous access to the embedded LDAP
> service is disabled and clients are required to authenticate with the
> configured credentials in order to perform LDAP operations. When the
> properties are left unset, the service continues to allow anonymous access as
> before, so existing deployments are unaffected.
> This gives administrators a simple way to control access to the embedded LDAP
> service without changing how internal lookups (backend proxying, group and
> roles resolution) are performed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
