[Midpoint-dev] New LDAP connector and other changes in midPoint 3.2

Radovan Semancik radovan.semancik at evolveum.com
Fri Jun 12 10:25:46 CEST 2015


I've just merged code to support the new LDAP connector into the midPoint 
development master branch. There are several things to keep in mind when 
using the master since today.

1) There is a new LDAP connector. It is a complete rewrite. The old one 
was JNDI-based CDDL-licensed legacy from the Sun times. Due to the 
overcomplicated code and the inherent JNDI limitations this connector 
was a development dead end. The new connector is based on Apache 
Directory API and it is licensed under Apache Licence.

2) The new LDAP connector is fixing some of the fundamental issues of 
the old connector. And therefore I have decided NOT to keep it backward 
compatible because backward compatibility will also require keeping some 
of the annoying problems of the old connector. Therefore the new LDAP 
connector has a different connector type and slightly different 
configuration properties. For now you can have a look at the test 
resource files for inspiration (e.g. 
I will be updating the samples and wiki shortly.

3) The new LDAP connector is trying to avoid using the confusing 
concepts of __ACCOUNT__, __NAME__ and other Sun legacy concepts. 
Therefore the new LDAP connector is no longer using "AccountObjectClass" 
in the definitions. Use "inetOrgPerson" or any other real LDAP object 
class instead. The new LDAP connector is also not using the confusing 
"icfs:name" and "icfs:uid" attributes. Simply use real (pseudo)attribute 
names instead, e.g. "ri:dn" and "ri:entryUUID".

4) The old LDAP connector still works. It is no longer shipped with 
midPoint but it can be downloaded and installed as any other extra 
connector. The binary is in our maven repo:
The connector bundle name has changed from 
com.evolveum.polygon.connector-ldap to 
com.evolveum.polygon.connector-ldap-legacy to distinguish these two 
connectors. This has to be reflected by changing the connector 
configuration namespace. See resource-opendj-legacy.xml file in sanity 
tests as the example 

5) The new LDAP connector seems to be mostly feature complete and 
reasonably stable. But it is still relatively new code. Therefore use 
with care. The real testing of the connector is planned for the next couple 
of weeks.

These things will also apply to the 3.2 release. Any comments and 
suggestions are more than welcome.

Radovan Semancik
Software Architect
