[midPoint] New ldap connector and auxiliary objectClasses

midpoint at mybtinternet.com
Fri Oct 23 10:44:24 CEST 2015


Hi Radovan,

  Actually, it is not a violation of the standard, see RFC 4520, section 3.4,
  published in 2006. http://www.rfc-archive.org/getrfc.php?rfc=4520

  More curious though, is why Apache Directory Studio deals with this properly;
  does this imply they are not using their own directory API?

  However, thx for adding the support.

Regards,
  Anton


----Original message----
>From : radovan.semancik at evolveum.com
Date : 22/10/2015 - 20:57 (BST)
To : midpoint at lists.evolveum.com
Subject : Re: [midPoint] New ldap connector and auxiliary objectClasses

Hi,

On 10/22/2015 04:19 PM, midpoint at mybtinternet.com wrote:
>   A number of directories, including OpenDJ, IBM, etc, support schema 
> definition using a unique string instead
>   of OID (dotted notation). This makes the process easier, less prone 
> to error, and you don't have to track
>   OID numbers actively.

Yes. It is also a violation of the LDAP standard as far as I'm aware. But I 
know very well that this is common practice. The problem was that as 
this is a violation of the LDAP standard, the Apache Directory API 
(which we use for LDAP access) hasn't supported it. I have fixed the 
Apache Directory API to tolerate non-numeric OIDs. But that happened 
after the midPoint 3.2 release. And actually the Apache Directory API 
with that fix was released just this week. Therefore the LDAP connector 
in midPoint 3.2 does not support it yet. The most recent development 
version of the connector does support it. If you are interested you can 
build that connector yourself from the source code:
https://github.com/Evolveum/connector-ldap
Or you can use development snapshot from our nexus:
http://nexus.evolveum.com/nexus/service/local/repositories/snapshots/content/com/evolveum/polygon/connector-ldap/1.4.2.0-SNAPSHOT/connector-ldap-1.4.2.0-20151020.202328-48.jar

>   In 3.1.1 with the old connector the first definition worked and I 
> have used this syntax for several years;
>   hope we do not have to regress ...

The LDAP connector in midPoint 3.1.1 was a totally different connector. The 
connector in midPoint 3.1.1 was based on Sun JNDI and it was quite 
antiquated. Use of JNDI is also a development dead end. MidPoint 3.2 has 
a completely new generation of LDAP connector. It is explained here: 
https://wiki.evolveum.com/display/midPoint/LDAP+Connector+Migration

The problem with this regression was that we were testing midPoint with 
LDAP servers that are LDAP-compliant. Since the release of 3.2 we have 
also added some non-compliant servers to the testing suites. But still, 
the amount of weirdness that some LDAP servers (and schema extensions) 
can provide can still come as a surprise. So I really appreciate any 
reports of issues with the new LDAP connector.

-- 
Radovan Semancik
Software Architect
evolveum.com
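The thread turns on one detail: whether the leading field of an attributeType or objectClass definition is a dotted numeric OID (the RFC 4512 `numericoid` form) or a descriptor string such as `myAttr-oid`, which some servers accept and which the Apache Directory API used by the new connector did not tolerate before the fix. The following Python is an added example, not code from midPoint, the connector or either poster; it scans a schema fragment and reports which definitions use a non-numeric OID field, which is the check an administrator would want to run against their schema extensions before migrating to the new connector. The schema entries are constructed for the example (the 99999 arc and the `-oid` descriptors are placeholders), only the leading OID field is validated, and whether a given server accepts descriptor OIDs remains server-specific.

```python
import re

# Grammar fragments from RFC 4512: a numericoid is dotted digit strings with
# no leading zeros; a descriptor (keystring) starts with a letter.
NUMERICOID = re.compile(r"^(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+$")
DESCRIPTOR = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")
# One LDIF-style schema line: "<kind>: ( <oid> <body> )"
DEFINITION = re.compile(r"^(attributeTypes|objectClasses):\s*\(\s*(\S+)\s*(.*)\)\s*$")
# NAME 'single' or NAME ( 'first' 'second' )
NAME_RE = re.compile(r"\bNAME\s+(?:'([^']*)'|\(\s*((?:'[^']*'\s*)+)\))")

# Constructed sample schema fragment (assumption: not taken from any real
# directory). Mixes numeric OIDs, descriptor OIDs and one malformed OID.
SAMPLE_SCHEMA = """\
attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'exampleAttr' DESC 'constructed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( exampleAttr-oid NAME 'exampleAttr2' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'exampleAux' AUXILIARY MAY ( exampleAttr $ exampleAttr2 ) )
objectClasses: ( exampleAux-oid NAME 'exampleAux2' AUXILIARY MAY exampleAttr2 )
objectClasses: ( 1.3.6.1.4.1.99999.02.3 NAME 'badLeadingZero' STRUCTURAL )
"""


def classify_oid(field: str) -> str:
    """Return 'numericoid', 'descriptor' or 'invalid' for the leading OID field."""
    if NUMERICOID.match(field):
        return "numericoid"
    if DESCRIPTOR.match(field):
        return "descriptor"
    return "invalid"


def parse_definition(line: str):
    """Parse one attributeTypes/objectClasses line; return None for other lines."""
    m = DEFINITION.match(line.strip())
    if not m:
        return None
    kind, oid, body = m.groups()
    names = []
    n = NAME_RE.search(body)
    if n:
        names = [n.group(1)] if n.group(1) else re.findall(r"'([^']*)'", n.group(2))
    return {"kind": kind, "oid": oid, "oid_kind": classify_oid(oid), "names": names}


def audit_schema(text: str):
    """Classify every schema definition found in an LDIF-style schema fragment."""
    return [d for d in (parse_definition(ln) for ln in text.splitlines()) if d]


def nonstandard_definitions(text: str):
    """Names of definitions whose OID field is not an RFC 4512 numericoid."""
    return [d["names"][0] if d["names"] else d["oid"]
            for d in audit_schema(text) if d["oid_kind"] != "numericoid"]


if __name__ == "__main__":
    for d in audit_schema(SAMPLE_SCHEMA):
        print(f"{d['kind']:15} {d['oid_kind']:10} {d['oid']}  NAME={d['names']}")
    print("non-numeric OIDs:", nonstandard_definitions(SAMPLE_SCHEMA))
```

Running it against an export of `cn=schema` (or the server's schema LDIF files) lists the definitions that would have tripped the pre-fix Apache Directory API; the "invalid" class catches fields that are neither form, such as a component with a leading zero, which a strict parser will also reject.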

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint