[ https://issues.apache.org/jira/browse/KNOX-3358?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18090880#comment-18090880 ]

ASF subversion and git services commented on KNOX-3358:
-------------------------------------------------------

Commit 9f945f8bd379396eb3fb49c85030fe0244fe4b19 in knox's branch 
refs/heads/master from Sandor Molnar
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=9f945f8bd ]

KNOX-3358: Support configurable bind credentials for the embedded Knox LDAP 
service (#1275)

> Support configurable bind credentials for the embedded Knox LDAP service
> ------------------------------------------------------------------------
>
>                 Key: KNOX-3358
>                 URL: https://issues.apache.org/jira/browse/KNOX-3358
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> The embedded LDAP service provided by the Knox Gateway currently permits 
> anonymous access. Any client that can reach the service port is able to 
> perform binds and searches without supplying any credentials, which is not 
> appropriate for environments where the directory interface should be 
> restricted to authenticated callers.
> This improvement introduces optional, operator-configurable bind credentials
> for the embedded LDAP service:
>  * {{gateway.ldap.bind.user}} - the bind DN clients must authenticate as
>  * {{gateway_ldap_bind_password}} - the password for that bind DN, saved as 
> an alias in the gateway-level credential store
> When both properties are configured, anonymous access to the embedded LDAP 
> service is disabled and clients are required to authenticate with the 
> configured credentials in order to perform LDAP operations. When the 
> properties are left unset, the service continues to allow anonymous access as 
> before, so existing deployments are unaffected.
> This gives administrators a simple way to control access to the embedded LDAP 
> service without changing how internal lookups (backend proxying, group and 
> roles resolution) are performed.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
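
The access modes described in the issue, written as a configuration audit check. This is an added example, not part of the original message or the Knox code base. It assumes the bind DN property lives in a Hadoop-style `gateway-site.xml` and that the operator supplies the list of alias names from the gateway-level credential store; the function names and the sample DN are hypothetical.

```python
import xml.etree.ElementTree as ET

BIND_USER_PROP = "gateway.ldap.bind.user"            # property name from the issue
BIND_PASSWORD_ALIAS = "gateway_ldap_bind_password"   # alias name from the issue


def read_site_properties(xml_text):
    """Parse Hadoop-style <configuration><property> XML into a dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def embedded_ldap_bind_state(site_xml, gateway_aliases):
    """Classify the embedded LDAP access mode described in KNOX-3358.

    gateway_aliases: alias names present in the gateway-level credential
    store (assumption: collected by the operator beforehand).
    """
    has_user = bool(read_site_properties(site_xml).get(BIND_USER_PROP))
    has_password = BIND_PASSWORD_ALIAS in {a.strip() for a in gateway_aliases}
    if has_user and has_password:
        return "authenticated"   # both set: anonymous access is disabled
    if not has_user and not has_password:
        return "anonymous"       # both unset: anonymous access as before
    # Only one half is set. The issue text does not define this case, so
    # report it for review rather than guessing the resulting behaviour.
    return "incomplete"


# Constructed sample input; the DN is a placeholder, not a Knox default.
SAMPLE_SITE = """<configuration>
  <property>
    <name>gateway.ldap.bind.user</name>
    <value>uid=ldap-client,ou=people,dc=example,dc=org</value>
  </property>
</configuration>"""

if __name__ == "__main__":
    for aliases in ([], ["gateway_ldap_bind_password"]):
        print(aliases, "->", embedded_ldap_bind_state(SAMPLE_SITE, aliases))
```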
