[ 
https://issues.apache.org/jira/browse/KNOX-3358?focusedWorklogId=1026394&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1026394
 ]

ASF GitHub Bot logged work on KNOX-3358:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 23/Jun/26 09:58
            Start Date: 23/Jun/26 09:58
    Worklog Time Spent: 10m 
      Work Description: smolnar82 merged PR #1275:
URL: https://github.com/apache/knox/pull/1275




Issue Time Tracking
-------------------

    Worklog Id:     (was: 1026394)
    Time Spent: 40m  (was: 0.5h)

> Support configurable bind credentials for the embedded Knox LDAP service
> ------------------------------------------------------------------------
>
>                 Key: KNOX-3358
>                 URL: https://issues.apache.org/jira/browse/KNOX-3358
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> The embedded LDAP service provided by the Knox Gateway currently permits 
> anonymous access. Any client that can reach the service port is able to 
> perform binds and searches without supplying any credentials, which is not 
> appropriate for environments where the directory interface should be 
> restricted to authenticated callers.
> This improvement introduces optional, operator-configurable bind credentials
> for the embedded LDAP service:
>  * {{gateway.ldap.bind.user}} - the bind DN clients must authenticate as
>  * {{gateway_ldap_bind_password}} - the password for that bind DN, saved as 
> an alias in the gateway-level credential store
> When both properties are configured, anonymous access to the embedded LDAP 
> service is disabled and clients are required to authenticate with the 
> configured credentials in order to perform LDAP operations. When the 
> properties are left unset, the service continues to allow anonymous access as 
> before, so existing deployments are unaffected.
> This gives administrators a simple way to control access to the embedded LDAP 
> service without changing how internal lookups (backend proxying, group and 
> roles resolution) are performed.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to