[Midpoint-dev] New LDAP connector and other changes in midPoint 3.2
Radovan Semancik
radovan.semancik at evolveum.com
Fri Jun 12 10:25:46 CEST 2015
Hi,
I've just merged code to support the new LDAP connector into the midPoint
development master branch. There are several things to keep in mind when
using the master since today.
1) There is a new LDAP connector. It is a complete rewrite. The old one
was JNDI-based CDDL-licensed legacy from the Sun times. Due to the
overcomplicated code and the inherent JNDI limitations this connector
was a development dead end. The new connector is based on Apache
Directory API and it is licensed under Apache Licence.
2) The new LDAP connector is fixing some of the fundamental issues of
the old connector. And therefore I have decided NOT to keep it backward
compatible because backward compatibility will require also keeping some
of the annoying problems of the old connector. Therefore the new LDAP
connector has a different connector type and slightly different
configuration properties. For now you can have a look at the test
resource files for inspiration (e.g.
https://github.com/Evolveum/midpoint/blob/master/testing/sanity/src/test/resources/repo/resource-opendj.xml).
I will be updating the samples and wiki shortly.
3) The new LDAP connector is trying to avoid using the confusing
concepts of __ACCOUNT__, __NAME__ and other Sun legacy concepts.
Therefore the new LDAP connector is no longer using "AccountObjectClass"
in the definitions. Use "inetOrgPerson" or any other real LDAP object
class instead. The new LDAP connector is also not using the confusing
"icfs:name" and "icfs:uid" attributes. Simply use real (pseudo)attribute
names instead, e.g. "ri:dn" and "ri:entryUUID".
4) The old LDAP connector still works. It is no longer shipped with
midPoint but it can be downloaded and installed as any other extra
connector. The binary is in our maven repo:
http://nexus.evolveum.com/nexus/content/repositories/releases/com/evolveum/polygon/connector-ldap-legacy/1.4.0.50/
The connector bundle name has changed from
com.evolveum.polygon.connector-ldap to
com.evolveum.polygon.connector-ldap-legacy to distinguish these two
connectors. This has to be reflected by changing the connector
configuration namespace. See the resource-opendj-legacy.xml file in the sanity
tests as an example
(https://github.com/Evolveum/midpoint/blob/master/testing/sanity/src/test/resources/repo/resource-opendj-legacy.xml).
5) The new LDAP connector seems to be mostly feature complete and
reasonably stable. But it is still relatively new code. Therefore use
with care. The real testing of the connector is planned for the next couple
of weeks.
These things will also apply to the 3.2 release. Any comments and
suggestions are more than welcome.
--
Radovan Semancik
Software Architect
evolveum.com
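A pre-upgrade check for the renames listed in item 3, added here as an example; it is not part of the original message or of midPoint. The function name `audit_resource`, the constructed XML fragments, and the rule that a file referencing the legacy bundle is left alone (because the old connector keeps its old names) are assumptions.

```python
import re

# Legacy identifiers named in the message, with the replacement it suggests.
LEGACY = {
    "AccountObjectClass": 'a real LDAP object class, e.g. "inetOrgPerson"',
    "icfs:name": 'a real attribute name, e.g. "ri:dn"',
    "icfs:uid": 'a real attribute name, e.g. "ri:entryUUID"',
}
LEGACY_BUNDLE = "com.evolveum.polygon.connector-ldap-legacy"
COMMENT = re.compile(r"<!--.*?-->", re.S)
# Match whole identifiers only; a prefix such as "ri:" in front is allowed.
PATTERN = re.compile(r"(?<![\w.-])(AccountObjectClass|icfs:name|icfs:uid)(?![\w.-])")

def audit_resource(xml_text):
    """Return (line, identifier, suggestion) for each legacy name found."""
    # Blank out XML comments but keep their newlines so line numbers stay true.
    text = COMMENT.sub(lambda m: "\n" * m.group().count("\n"), xml_text)
    if LEGACY_BUNDLE in text:
        return []  # assumption: resource stays on the old connector
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in PATTERN.finditer(line):
            findings.append((lineno, m.group(1), LEGACY[m.group(1)]))
    return findings

# Constructed, simplified fragments; not complete midPoint resource definitions.
SAMPLE_NEW = """<resource>
  <!-- old mapping used icfs:name -->
  <schemaHandling>
    <objectType>
      <objectClass>ri:AccountObjectClass</objectClass>
      <attribute><ref>icfs:name</ref></attribute>
      <attribute><ref>ri:entryUUID</ref></attribute>
    </objectType>
  </schemaHandling>
</resource>"""

SAMPLE_LEGACY = """<resource>
  <configuration xmlns:c="urn:example:bundle/com.evolveum.polygon.connector-ldap-legacy"/>
  <attribute><ref>icfs:name</ref></attribute>
</resource>"""

if __name__ == "__main__":
    for lineno, name, hint in audit_resource(SAMPLE_NEW):
        print(f"line {lineno}: {name} -> use {hint}")
```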