Spring Security
  1. Spring Security
  2. SEC-1074

Support ldap-server with disabled schema checking

    Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.4
    • Fix Version/s: 3.0.0 RC1
    • Component/s: LDAP
    • Labels:
      None

      Description

      The <ldap-server> tag (see http://static.springframework.org/spring-security/site/reference/html/ldap.html#d4e1399) allows starting an embedded Apache DS instance.

      The instance has a rudimentary default configuration and that includes a basic schema and has schema checking turned on.

      If someone wants to load LDIF data that goes beyond that basic schema, this results in an error.

      I suggest adding support for running the Apache DS instance with schema checking disabled. This can be accomplished by removing the SchemaService interceptor from the interceptorConfigurations list (see this post on the Apache Directory users mailing list: http://osdir.com/ml/apache.directory.user/2007-11/msg00011.html).

      This behaviour could be regulated by a new attribute of the ldap-server element, named "schemaService" (boolean), defaulting to "true".

        Issue Links

          Activity

          Hide
          Luke Taylor added a comment -

          The ldap-server element is also intended for use with an external server so I'd prefer to avoid having excessive configuration options for the embedded server. It is only intended for basic testing and I want to keep it as simple as possible and not have anything ApacheDS specific there. People can also use their own ApacheDS Spring configuration (they have a namespace too, now) if they want to run an embedded server.

          I'm not sure of the exact implications here (the link to the mailing list you've posted is now out of date), but I don't have any objection to modifying the default configuration to remove the schema checking. Could you post an updated link to the message you were referring to, please?

          Show
          Luke Taylor added a comment - The ldap-server element is also intended for use with an external server so I'd prefer to avoid having excessive configuration options for the embedded server. It is only intended for basic testing and I want to keep it as simple as possible and not have anything ApacheDS specific there. People can also use their own ApacheDS Spring configuration (they have a namespace too, now) if they want to run an embedded server. I'm not sure of the exact implications here (the link to the mailing list you've posted is now out of date), but I don't have any objection to modifying the default configuration to remove the schema checking. Could you post an updated link to the message you were referring to, please?
          Hide
          Aleksander Adamowski added a comment -

          The link's OK, but JIRA has decided that the parenthesis is a part of it. Here's the link again:

          http://osdir.com/ml/apache.directory.user/2007-11/msg00011.html

          Show
          Aleksander Adamowski added a comment - The link's OK, but JIRA has decided that the parenthesis is a part of it. Here's the link again: http://osdir.com/ml/apache.directory.user/2007-11/msg00011.html
          Hide
          Luke Taylor added a comment -

          I've modified ApacheDSContainer to use a customized list of interceptors for DefaultDirectoryService. It no longer has the SchemaInterceptor in the list, which should presumably satsify this requirement.

          Show
          Luke Taylor added a comment - I've modified ApacheDSContainer to use a customized list of interceptors for DefaultDirectoryService. It no longer has the SchemaInterceptor in the list, which should presumably satsify this requirement.
          Hide
          Luke Taylor added a comment -

          Wrong fix version

          Show
          Luke Taylor added a comment - Wrong fix version

            People

            • Assignee:
              Luke Taylor
              Reporter:
              Aleksander Adamowski
            • Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: