shibboleth-dev - Re: JNDI/LDAP Connector Feature Requests
- From: Walter Hoehn <>
- To:
- Subject: Re: JNDI/LDAP Connector Feature Requests
- Date: Thu, 21 Sep 2006 14:09:02 -0500
Yeah, I'm not at all a fan of JNDI. It tries to be so generic that it doesn't really align well with the problems that most folks try to solve with it. The real reason I ended up using it in the IdP was in the hope that I could pass in configuration that was opaque to the IdP to invoke JNDI features. That way, I wouldn't have to code knowledge of all LDAP features into the data connector. To some extent this has played out well, but with some notable exceptions... basically anything ldapv3'ish, which JNDI tacked on as method extensions. I'm not sure about the best way to move forward. The other way I've done LDAP queries in Java was with the Mozilla SDK. I greatly preferred programming to this API, but felt like it would be hard to expose all of the options in the resolver configuration. It's been a few years since I've looked at that, though.
-Walter
On Sep 20, 2006, at 5:47 AM, Chad La Joie wrote:
Hey Walter,
I know you and I have talked a bit about not really liking the JNDI interface. At VT we ran into a lot of problems with JNDI doing more advanced things (like LDAP TLS w/ SASL-EXTERNAL binds) and one of the guys wrote a library from scratch. It might be worth checking out now. It still uses JNDI deep inside but it has, in my opinion, a much more sane, and LDAP-centric, API.
http://www.middleware.vt.edu/doku.php?id=middleware:opensource:ldap
Walter Hoehn wrote:
On Jul 29, 2006, at 10:15 AM, Chad La Joie wrote:
So, I've heard a couple of requests for new features of the LDAP data connector for the AA, and I have one of my own.
I'll have to look into it again, but unless something has changed this would mean not using the built-in JNDI caching and implementing something on our own. Besides connection pooling, what do you have in mind?
- Better TLS support, especially connection pooling for TLS connections
- SASL support for Kerberos
Agreed. This one is already in Bugzilla.
- Support for the usage of resolved attributes in the LDAP filter (other than just the principal ID) similar to the statement creator used in the RDB connector.
This sounds doable. Can you file a Bugzilla?
-Walter
--
Chad La Joie 2052-C Harris Bldg
OIS-Middleware 202.687.0124