On #1, what operation(s) are you referring to? The cuid (subjectID) isn't actually a username, it's an id unique within the context. Or are you talking about IContext.open when passed an AuthNNamePasswordMaterials?
I think the intent (likely for both scenarios -- the name in AuthNNamePasswordMaterials, as well as the subject's ID) is to eventually use configuration / policy to drive the associations.
On #2, JLDAP is only included because it has some nice LDAP filter capabilities. No other aspects of it are used. We think it's better to use JNDI because we hope to allow other (non-LDAP) JNDI Service Providers to be plugged in -- giving us access to even more identity stores.

Jim

>>> "Marc Boorshtein" <mboorshtein@xxxxxxxxx> 3/20/07 9:20 AM >>>
I had a few questions/comments on the JNDI CP:

1. Why does the JNDI CP assume that the username will be the rdn (or a part of the dn) of the user's object? It is fairly common to have the RDN be a non-username attribute (such as a unique id number). Why not use the typical pattern of "search for the user then bind"? This also has the disadvantage of requiring all users to be in the same subcontext of the DIT.

2. I see jldap is a part of the JNDI CP packages, why use JNDI as opposed to JLDAP?

Thanks
Marc

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev