[
https://issues.apache.org/jira/browse/KNOX-3341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18091527#comment-18091527
]
ASF subversion and git services commented on KNOX-3341:
-------------------------------------------------------
Commit 8a1332bdfdaaa75a1fa084262b020c9247a31a95 in knox's branch
refs/heads/master from David Han
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=8a1332bdf ]
KNOX-3341: LDAP proxy backend handles general searches (#1274)

This commit improves the behavior of the LdapProxyBackend to handle broader
search requests such as retrieving all users, all groups, or filtering by
attributes other than uid.

A "search" method was added to the LdapBackend interface to support broader
search requests. LdapProxyBackend implements this method by converting the
search base, objectclass, and user identifier attribute from proxy values to
values recognized by the remote LDAP backend.

LdapProxyBackend.createProxyEntry was factored out into a new
RemoteSchemaConverter class. This class also contains methods for converting
the search filter and DNs. The conversions in the search filter are further
supported by a new FilterMappingVisitor class which will traverse the ExprNode
tree and replace values as needed.

Result entries are likewise converted from the remote values to the proxy
values. As part of the mapping, the AD 'userAccountControl' attribute type is
mapped into the 'nsAccountLock' attribute type. A new DisabledUserInterceptor
is implemented to perform this conversion. This interceptor can also be
configured to remove disabled entries from the results.

Group membership retrieval is modified to use 'getUserGroupEntries' as a
common starting point then branch into separate codepaths for using 'memberOf'
or not.

FileBackend simply maps the filter back into user search.

> Enhance LDAP Proxy to support more general search parameters
> ------------------------------------------------------------
>
> Key: KNOX-3341
> URL: https://issues.apache.org/jira/browse/KNOX-3341
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: David Han
> Assignee: David Han
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> LDAP search with the LDAP Proxy is focused around user retrieval based on
> uid. This should be enhanced to better support the search filter and returned
> attribute parameters commonly used in LDAP search.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
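
The userAccountControl to nsAccountLock mapping described in the commit message above, as an added Java illustration that is not Knox's DisabledUserInterceptor or any code from the commit. The class and method names, the map-based entry model, the "true"/"false" value format and the fail-closed handling of unparseable values are assumptions; the sample entries are constructed.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Illustration only, not Knox code. Entries are modelled as attribute maps keyed
// by exact attribute name (real LDAP attribute names are case-insensitive).
public class DisabledUserMappingExample {
    // ACCOUNTDISABLE flag in Active Directory's userAccountControl bitmask.
    static final int UF_ACCOUNTDISABLE = 0x0002;

    // Returns a copy of the entry with userAccountControl replaced by nsAccountLock.
    static Map<String, String> toProxyEntry(Map<String, String> remote) {
        Map<String, String> proxy = new LinkedHashMap<>(remote);
        String uac = proxy.remove("userAccountControl");
        if (uac == null) {
            return proxy; // groups and other entries without the flag pass through
        }
        boolean disabled;
        try {
            disabled = (Integer.parseInt(uac.trim()) & UF_ACCOUNTDISABLE) != 0;
        } catch (NumberFormatException e) {
            disabled = true; // assumption: fail closed on an unreadable value
        }
        proxy.put("nsAccountLock", Boolean.toString(disabled));
        return proxy;
    }

    // Maps every result and optionally drops entries whose account is disabled.
    static List<Map<String, String>> mapResults(List<Map<String, String>> remote,
                                                boolean removeDisabled) {
        List<Map<String, String>> out = new ArrayList<>();
        for (Map<String, String> entry : remote) {
            Map<String, String> proxy = toProxyEntry(entry);
            boolean locked = "true".equals(proxy.get("nsAccountLock"));
            if (!(removeDisabled && locked)) out.add(proxy);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample entries: 512 = normal account, 514 = 512 | ACCOUNTDISABLE.
        List<Map<String, String>> remote = List.of(
            Map.of("sAMAccountName", "alice", "userAccountControl", "512"),
            Map.of("sAMAccountName", "bob", "userAccountControl", "514"),
            Map.of("cn", "admins"));
        System.out.println(mapResults(remote, false)); // all three, flag mapped
        System.out.println(mapResults(remote, true));  // bob's entry removed
    }
}
```

A client that authorizes on nsAccountLock sees a disabled AD account as locked only if the bit test, rather than a comparison against a single value such as 514, decides the result, since other flags are commonly set alongside ACCOUNTDISABLE.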