[midPoint] LDAP-based AD connector (was: Re: New ldap connector and auxiliary objectClasses)

Radovan Semancik radovan.semancik at evolveum.com
Sun Oct 25 10:56:57 CET 2015 

On 10/23/2015 09:59 PM, Jason Everling wrote:
> A built-in AD connector? Wow, that is great! Does that mean we would 
> not have to rely on a connector server anymore?

Yes. This is still quite fresh. We have built-in LDAP-based AD connector 
now. I consider the code to be experimental. I'm not aware of any 
problems though. We have tested the connector and it seems to work quite 
well. The "experimental" status is given by a limited amount of testing 
that we have done yet.

Even though the connector is fresh I would encourage anyone to try it 
and test it. It should work well for pure LDAP-based provisioning nad 
synchronization (based on AD DirSync control). Currently it has no 
support for scripting. But I'm looking at the possibilities here and it 
looks like the scripting might be feasible. Therefore it is likely that 
that will come later.

This can be used as a starting point:
https://github.com/Evolveum/midpoint/blob/master/testing/conntest/src/test/resources/ad-ldap/resource-localhost.xml
There is no documentation yet. And obviously, it is only available in 
midPoint development master. Or if you take the latest connector-ldap 
source code and build it (this should theoretically work also in 
midPoint 3.2, but I do think anybody actually tried it yet).

You should use new connector if:
* You do not like the connector server (and who does?)
* LDAP access to AD can do what you need to do.
* You are OK with finding a bug or two and reporting them

You should stay with the old connector if:
* You need scripting
* You need support for Exchange
* You need a very stable and tested code

The old AD connector is still the one that is supported for production 
use. For now. But we do not plan to invest much work into that 
connector. The new LDAP-based connector is the way forward. Even though 
today it is a way only for the brave. But that will change in the future.

-- 
Radovan Semancik
Software Architect
evolveum.com

More information about the midPoint mailing list