[midPoint] New ldap connector and auxiliary objectClasses

Radovan Semancik radovan.semancik at evolveum.com
Fri Oct 23 16:25:32 CEST 2015 

Hi,

On 10/23/2015 03:20 PM, midpoint at mybtinternet.com wrote:
>    I agree with your principals around retrieving and interpreting the schema. However,
>    attribute names are not supposed to be case sensitive. I have worked with many
>    servers, and have only encountered one that was. I believe this was configurable
>    in that particular server.

Yes, that's right. They are not supposed to be case sensitive. But I 
think it is good practice for operations to use the same capitalization 
as is specified in the schema. I have seen some problems with this in 
the past. I'm not sure how much this applies to current LDAP servers, 
but it is perhaps better to stay on the safe side. And the same applies 
to object classes. Actually, I have seen a problem with objectclass name 
capitalization just a couple of days ago ...

>    As for the server that provided no syntax definitions; wow!! I have not encountered
>    that before ... do you mean when querying the server or no syntax period?

Actually, the attributeTypes definition provided syntax OID (otherwise 
it would be a complete disaster). But there was no ldapSyntaxes 
definition. None at all. Fortunately, the Apache Directory API still 
works with this. Just instead of attributeType.getSyntax().getOid() I 
had to use attibuteType.getSyntaxOid() - which seems to be the same but 
it is not. The former takes OID from ldapSyntaxes definition, the latter 
takes it from attributeTypes definition. So obviously, the former fails 
if there are no ldapSyntaxes definition. Simple fix, but unless you 
encounter a server like that it is hard to believe that this can 
actually happen ...

So, the bottom line is that the more LDAP servers are tested with the 
new LDAP connector the more robust it will become. For now we have 
tested it with OpenLDAP, OpenDJ, OpenDS, 389ds, eDirectory and Active 
Directory. I'd appreciate reports of connector success/failure with any 
other directory server.

-- 
Radovan Semancik
Software Architect
evolveum.com

More information about the midPoint mailing list