Allow custom return attributes

[Martin-Kemp]

Signed-off-by: Martin Kemp martin_leon.kemp@mercedes-benz.com

Description

Allows specifying which attributes to request from the ldap server.

• Category: New feature
• Why these changes are required?
  It can be a security risk to request more attributes than needed from an ldap server.
• What is the old behavior before changes and new behavior after changes?
  All attributes are requested.

Issues Resolved

#2032

Is this a backport? If so, please add backport PR # and/or commits #
No

Testing

Manual testing with local ldap server. I made sure default behavior remains the same.
Updated unit tests.
This functionality is not tested directly with unit test, I can add one if needed.

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[peternied]

Thanks for the contribution, allows happy to see a straight forward solution to a problem, good work!

To get this merged there are two outstanding items,

Test(s) for the new functionality

This functionality is not tested directly with unit test, I can add one if needed.

Could you please add this functionality?

CI failures

> Task :testClasses
Error: eckstyle] [ERROR] /home/runner/work/security/security/src/main/java/com/amazon/dlic/auth/ldap2/LDAPUserSearcher.java:20:8: Unused import - java.util.Arrays. [UnusedImports]

Error: eckstyle] [ERROR] /home/runner/work/security/security/src/main/java/com/amazon/dlic/auth/ldap2/LDAPUserSearcher.java:29:8: Unused import - org.ldaptive.ReturnAttributes. [UnusedImports]
> Task :checkstyleMain

> Task :checkstyleMain FAILED

See https://github.com/opensearch-project/security/actions/runs/3066577438/jobs/4956644926

Once these are resolved, it looks good to me.

[Martin-Kemp]

Could you please add this functionality?

Sure, will do next week. Thanks for reviewing.

[codecov-commenter]

Codecov Report

Merging #2093 (a44295f) into main (7f992eb) will increase coverage by 0.03%.
The diff coverage is 90.90%.

@@             Coverage Diff              @@
##               main    #2093      +/-   ##
============================================
+ Coverage     60.99%   61.02%   +0.03%     
- Complexity     3226     3229       +3     
============================================
  Files           256      256              
  Lines         18075    18077       +2     
  Branches       3225     3224       -1     
============================================
+ Hits          11024    11031       +7     
+ Misses         5472     5470       -2     
+ Partials       1579     1576       -3     

Impacted Files	Coverage Δ
...zon/dlic/auth/ldap2/LDAPAuthorizationBackend2.java	31.22% <60.00%> (+2.86%)	⬆️
...c/auth/ldap/backend/LDAPAuthenticationBackend.java	81.25% <100.00%> (+0.16%)	⬆️
...ic/auth/ldap/backend/LDAPAuthorizationBackend.java	57.65% <100.00%> (+0.08%)	⬆️
...ava/com/amazon/dlic/auth/ldap/util/LdapHelper.java	61.53% <100.00%> (ø)
...on/dlic/auth/ldap2/LDAPAuthenticationBackend2.java	67.64% <100.00%> (+0.32%)	⬆️
...a/com/amazon/dlic/auth/ldap2/LDAPUserSearcher.java	86.44% <100.00%> (ø)
.../org/opensearch/security/support/PemKeyReader.java	73.38% <0.00%> (-3.38%)	⬇️
...ch/security/securityconf/DynamicConfigFactory.java	56.05% <0.00%> (ø)
...a/org/opensearch/security/tools/SecurityAdmin.java	36.00% <0.00%> (+0.24%)	⬆️
.../dlic/auth/ldap2/LDAPConnectionFactoryFactory.java	56.81% <0.00%> (+0.32%)	⬆️
... and 1 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[cwperks]

Thank you for your contribution @Martin-Kemp and for adding tests for this functionality!

[peternied]

Thanks for the contribution!