Re: [higgins-dev] Questions/Comments on JNDI CP

On #1, yep, that's the eventual intent.  If not for BrainShare, I'd have the name transform JavaScript policy driven already, even to the point of being able to do a lookup.  I'll see if I can create a sample that does that for the SelfIssuedMaterials case.

On #2, yep, +1.

Tom

>>> "Jim Sermersheim" <jimse@xxxxxxxxxx> 03/21/07 12:33 AM >>>
On #1, what operation(s) are you referring to?  The cuid (subjectID) isn't actually a username, it's an id unique within the context.  Or are you talking about IContext.open when passed an AuthNNamePasswordMaterials?
 
I think the intent (likely for both scenarios -- the name in AuthNNamePasswordMaterials, as well as the subject's ID) is to eventually use configuration / policy to drive the associations.
 
On #2, JLDAP is only included because it has some nice LDAP filter capabilities.  No other aspects of it are used.  We think it's better to use JNDI because we hope to allow other (non-LDAP) JNDI Service Providers to be plugged in -- giving us access to even more identity stores.
 
Jim

>>> "Marc Boorshtein" <mboorshtein@xxxxxxxxx> 3/20/07 9:20 AM >>>
I had a few questions/comments on the JNDI CP:

1.  Why does the JNDI CP assume that the username will be the rdn (or
a part of the dn) of the user's object?  It is fairly common to have
the RDN be a non-username attribute (such as a unique id number).  Why
not use the typical pattern of "search for the user then bind"?  This
also has the disadvantage of requiring all users to be in the same
subcontext of the DIT.

2.  I see jldap is a part of the JNDI CP packages, why use JNDI as
opposed to JLDAP?

Thanks
Marc
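
The "search for the user then bind" pattern from Marc's first question, sketched with JNDI as an added example; it is not code from the Higgins JNDI CP or from anyone on this thread. The server URL, the base DN and the `uid` login attribute are assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class SearchThenBind {
    // Assumed values for illustration; not taken from the Higgins JNDI CP.
    static final String URL = "ldap://localhost:389";
    static final String BASE = "dc=example,dc=com";

    static DirContext connect(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        if (dn != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return new InitialDirContext(env);
    }

    /** Returns the user's DN if the password verifies, otherwise null. */
    static String authenticate(String username, String password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind,
        // which many servers accept; reject it before touching the directory.
        if (password == null || password.isEmpty()) return null;
        String dn;
        DirContext search = connect(null, null); // anonymous here; a service account is common
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE); // users may sit anywhere under BASE
            // {0} is escaped by JNDI, so the username cannot alter the filter.
            // "uid" is an assumed login attribute; the RDN can be any other attribute.
            NamingEnumeration<SearchResult> hits =
                search.search(BASE, "(uid={0})", new Object[] {username}, sc);
            if (!hits.hasMore()) return null;
            dn = hits.next().getNameInNamespace();
            if (hits.hasMore()) return null; // ambiguous username: refuse
        } finally { search.close(); }
        try {
            connect(dn, password).close(); // the bind itself is the password check
            return dn;
        } catch (AuthenticationException e) { return null; }
    }

    public static void main(String[] args) throws NamingException {
        String dn = authenticate(args[0], args[1]);
        System.out.println(dn == null ? "denied" : "authenticated as " + dn);
    }
}
```

Because the DN comes from the search result rather than from a template built around the username, the RDN attribute and the entry's location in the DIT no longer matter.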