75c2bcafce
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values. - Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context. - Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events. - Introduced AuthorityAuditSink for persisting audit records with structured logging. - Added CryptoPro related classes for certificate resolution and signing operations.
13 lines
1.2 KiB
Markdown
13 lines
1.2 KiB
Markdown
# 2025-11-09 — Authority LDAP Plug-in Readiness (PLG7.IMPL-005)
|
|
|
|
## Summary
|
|
- Added a dedicated LDAP quick-reference section to the Authority plug-in developer guide covering mutual TLS requirements, DN→role regex mappings, Mongo-backed claim caching, and the client-provisioning audit mirror.
|
|
- Refreshed the sample manifest at `etc/authority.plugins/ldap.yaml` so operators see cache-enabled defaults, placeholder usage for regex mappings, and audit-mirror notes that match the implementation.
|
|
- Documented that Offline Kits now ship the LDAP plug-in binaries plus the curated manifest, enabling air-gapped installs to drop the assets directly into `plugins/authority/**`.
|
|
- Logged the shipment in release notes so Security/Docs guilds can reference the change and testers can align their smoke runs.
|
|
|
|
## Impact
|
|
- Documentation now tells operators exactly how to enable mutual TLS, configure regex mappings, and size caches/audit mirrors before turning the plug-in on.
|
|
- Offline Kit consumers understand that LDAP plug-in artefacts are part of the bundle and no longer have to copy manifests manually across environments.
|
|
- Sprint 100 tracker reflects PLG7.IMPL-005 as DONE, unblocking Authority/Docs sign-off for the LDAP plug-in workstream.
|