KNOX-3330: Refactor LDAP Proxy configuration to support multiple backends #1240
handavid wants to merge 2 commits into
Test Results: 22 tests, 22 ✅, 2s ⏱️. Results for commit 8e9af3d. ♻️ This comment has been updated with latest results.
33fe1fe to dd9de8d
rebased and fixed conflicts
smolnar82 left a comment
I'll keep the review later today.
smolnar82 left a comment
Another batch of comments.
I'll review the tests tomorrow.
| <!-- LDAP proxy backend configuration (gateway.ldap.interceptor.<interceptorName>.backendType=ldap) --> | ||
| <!-- This backend proxies to an external LDAP server (e.g., demo LDAP) --> | ||
| <!-- | ||
| Example 1: Using Knox demo LDAP server (default port 33389) |
I'm not sure I like the idea of putting all these samples in the gateway-site.xml here.
We should rather create the new section in our user guide (see the knox-site module), and add all these sample configs there.

I'm fixing the existing configs here for my config changes. Should we remove the whole LDAP proxy-related block?
I was waiting for #1227 to be merged before updating the documentation.

These values need to be correct for the KnoxCLITest to work.
0bfb637 to 69960ee
Force push was due to rebase on master to work on resolution of conflicts.
…ends
Gateway server configurations are updated to use 'gateway.ldap.interceptor.*' instead of 'gateway.ldap.backend.*' to allow specifying multiple types of interceptors as well as multiple backends to the LDAP proxy.
BackendFactory has been modified to use the Java ServiceLoader to load a factory for a backend class instead of a backend instance directly. This allows multiple backends of the same class to be configured. InterceptorFactory has been implemented following the same pattern.
GroupLookupInterceptor is renamed to UserSearchInterceptor to more accurately describe what it does. Multiple UserSearchInterceptors can be configured with each forwarding the search to its backend and appending the results.
A DuplicateUserFilteringInterceptor has been implemented that will filter out search Entries with the same UID that are returned from different backends.
8e9af3d to 423e3ae
@smolnar82
KNOX-3330 - Refactor Knox LDAP Proxy configuration and implementation to allow multiple backends to be simultaneously configured
What changes were proposed in this pull request?
Gateway server configurations are updated to use 'gateway.ldap.interceptor.*' instead of 'gateway.ldap.backend.*' to allow specifying multiple types of interceptors as well as multiple backends to the LDAP proxy.
BackendFactory has been modified to use the Java ServiceLoader to load a factory for a backend class instead of a backend instance directly. This allows multiple backends of the same class to be configured. InterceptorFactory has been implemented following the same pattern.
GroupLookupInterceptor is renamed to UserSearchInterceptor to more accurately describe what it does. Multiple UserSearchInterceptors can be configured with each forwarding the search to its backend and appending the results.
A DuplicateUserFilteringInterceptor has been implemented that will filter out search Entries with the same UID that are returned from different backends.
How was this patch tested?
Unit tests were updated.
Changes were manually tested against the test LDAP server and an AD that I have access to.
The following configuration was added to the gateway-site.xml
Integration Tests
No integration test changes. PR can be updated after #1236 is merged
UI changes
no UI changes
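The duplicate-UID filtering described in this PR, sketched as an added example that is not code from the pull request or from Knox. The class, the `Entry` type, and the backend names are hypothetical, and the sketch assumes the first configured backend wins and that `uid` is compared case-insensitively (its RFC 4519 matching rule).

```java
import java.util.*;

// Added illustration, not Knox code; every name here is hypothetical.
public class DuplicateUidFilterExample {
    // Stand-in for an LDAP search entry, tagged with the backend that returned it.
    static final class Entry {
        final String backend, dn, uid;
        Entry(String backend, String dn, String uid) { this.backend = backend; this.dn = dn; this.uid = uid; }
        @Override public String toString() { return uid + " <- " + backend + " (" + dn + ")"; }
    }

    // Keeps the first entry seen per uid. Result lists arrive in backend
    // configuration order, so that order decides which directory is authoritative.
    static List<Entry> filterDuplicates(List<List<Entry>> resultsPerBackend) {
        List<Entry> out = new ArrayList<>();
        Map<String, Entry> seen = new HashMap<>();
        for (List<Entry> results : resultsPerBackend) {
            for (Entry e : results) {
                if (e.uid == null) { out.add(e); continue; } // nothing to match on, pass through
                // Assumption: uid uses caseIgnoreMatch, so "SAM" and "sam" collide.
                Entry kept = seen.putIfAbsent(e.uid.toLowerCase(Locale.ROOT), e);
                if (kept == null) {
                    out.add(e);
                } else {
                    // Worth auditing: the same uid in two directories may be two different people.
                    System.out.println("dropped " + e + ", kept " + kept);
                }
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample results from two backends.
        List<Entry> demoLdap = Arrays.asList(
            new Entry("demo-ldap", "uid=sam,ou=people,dc=hadoop,dc=apache,dc=org", "sam"),
            new Entry("demo-ldap", "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org", "guest"));
        List<Entry> ad = Arrays.asList(
            new Entry("ad", "CN=Sam Smith,OU=Users,DC=example,DC=com", "SAM"),
            new Entry("ad", "CN=Alice,OU=Users,DC=example,DC=com", "alice"));
        for (Entry e : filterDuplicates(Arrays.asList(demoLdap, ad))) {
            System.out.println(e);
        }
    }
}
```

With this sample data the AD entry for `SAM` is dropped in favour of the demo LDAP entry for `sam`; reversing the backend order reverses which identity is returned.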