forked from elastic/elasticsearch
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Hot-reloadable LDAP bind password (elastic#104320)
This PR enables `secure_bind_password` setting to be updated via `reload_secure_settings` API, without the need to restart nodes. The `secure_bind_password` must be updated on the AD/LDAP server, changed in the Elasticsearch keystore and reloaded via `reload_secure_settings` API. This change does not include a support for the grace period, where both old and new passwords are active. The new password change is active immediately after reload and will be used when establishing new LDAP connections. LDAP connections are stateful, and once a connection is established and bound, it remains open until explicitly closed or until a connection timeout occurs. Changing the bind password on will not affect and invalidate existing connections.
- Loading branch information
1 parent
c552bc1
commit e87f58d
Showing
17 changed files
with
531 additions
and
94 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
pr: 104320 | ||
summary: Hot-reloadable LDAP bind password | ||
area: Authentication | ||
type: enhancement | ||
issues: [] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.