Re: [higgins-dev] Questions/Comments on JNDI CP


On #1, what operation(s) are you referring to?  The cuid (subjectID) isn't
actually a username, it's an id unique within the context.  Or are you
talking about IContext.open when passed an AuthNNamePasswordMaterials?

I think the intent (likely for both scenarios -- the name in
AuthNNamePasswordMaterials, as well as the subject's ID) is to eventually
use configuration / policy to drive the associations.


Interesting, though I'm still curious to see the whole thing set up,
soup to nuts.  It's been a while since I tried getting everything
set up.  I know you mentioned that you had a version of the JNDI CP
that had the write operations implemented.  Has that been checked
in?

On #2, JLDAP is only included because it has some nice LDAP filter
capabilities.  No other aspects of it are used.  We think it's better to use
JNDI because we hope to allow other (non-LDAP) JNDI Service Providers to be
plugged in -- giving us access to even more identity stores.


OK, I've got some real strong opinions on this one :-D  Which
providers do you plan on using?  JNDI, from an implementation standpoint,
abstracts out a lot of what LDAP can do, and I've never actually run
into someone using JNDI for anything but LDAP (and possibly Kerberos).
For instance, take the open() method in the CP.  It uses the JNDI
open method to perform a bind, but (unless it has changed) if the
connection is already open JNDI does nothing.  In order to perform a
re-bind you need to cast to the LDAPContext and re-establish the
environment (I think it's reopen()).  So by using JNDI you are losing
some of what you can do with the underlying protocol, especially if it
is only being used for LDAP.  In addition, does JNDI abstract out the
filter format?  I believe the JNDI CP generates an LDAP filter, will
that work with other JNDI providers?

Just my 2 cents.  There was a pretty good discussion about this either
on the OpenLDAP list or the ApacheDS list that I'm trying to find, and I
will post it once I find it.

Marc

