cocoon-dev mailing list archives

From DA...@Nationwide.com
Subject RE: LDAPTransformer
Date Fri, 20 Feb 2004 14:38:28 GMT
I apologize DEEPLY for the horrible formatting of my previous note.  I'm 
on Lotus Notes here at work, and it doesn't seem to cooperate.
Let me try again:
--------------------------------------------------------------------------------
Hi,

I have 2 "features" that I think would be of great value to the 
LDAPTransformer. I have already begun working on a patch to implement 
both.

1) In order to use SSL for LDAP (ldaps) while using a JDK prior to 1.4.2, 
I suggest that an additional optional attribute be added - 
"securityprotocol".

Please reference: 

http://java.sun.com/products/jndi/tutorial/ldap/security/ssl.html

This outlines 2 methods of making an SSL connection, one using the "ldaps" 
protocol, and the other using the "SSL Socket Property", which is not 
currently available in the LDAPTransformer.  Also please note on the page, 
the section on "Using the LDAPS URL" states explicitly that "LDAPS URLs 
are supported only in Java 2 SDK, v1.4.2 and later releases."

If this attribute were set, then it would get set in the env, i.e.

    if (securityprotocol != null) {
        env.put(Context.SECURITY_PROTOCOL, securityprotocol);
    }

2)  Each entry returned needs to have its DN included.  You cannot 
reliably reconstruct the dn from the searchbase and an entry's attribute. 
In order to obtain the true dn, at the code level you have to do something 
like:

    String dn = sr.getName() + "," + ldapSearchBase;

What I'm still pondering is whether the dn should simply be returned as 
another attribute (i.e. a sub-element of row-element), or if it should be 
elevated to an attribute of the row-element.

Comments on both of these are more than welcome.  And PLEASE let me know 
if anyone has already engaged either or both of these issues.  I did 
research both on Bugzilla and the cocoon-dev archives, and did not find 
anything addressing either of these.

Once I have my patch complete, I will submit it via Bugzilla.

Regards,
David Day
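
Added example, not part of the original message or of the LDAPTransformer source: a sketch of both proposals, showing the optional `securityprotocol` value placed in the JNDI environment and a DN built from a `SearchResult` that also covers an empty name (the search base entry itself) and a non-relative name (a URL string). The class name, host names and DNs are constructed, and it assumes a current JDK (`LdapName` requires Java 5 or later) and DNs without characters that need URL escaping.

```java
import java.net.URI;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;

public class LdapTransformerSketch {  // hypothetical class name

    // Build the JNDI environment; securityProtocol is the optional attribute proposed above.
    static Hashtable<String, String> buildEnv(String url, String securityProtocol) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        if (securityProtocol != null) {
            env.put(Context.SECURITY_PROTOCOL, securityProtocol); // e.g. "ssl"
        }
        return env;
    }

    // Full DN of a search result, given the base the search was run against.
    static String fullDn(SearchResult sr, String searchBase) throws Exception {
        if (!sr.isRelative()) {
            // Name is a URL string rather than a name relative to the base;
            // the DN is the URL path without its leading slash.
            String path = new URI(sr.getName()).getPath();
            return new LdapName(path.substring(1)).toString();
        }
        // Plain sr.getName() + "," + base yields ",dc=..." when the name is empty;
        // LdapName composition adds nothing for an empty relative name.
        LdapName dn = new LdapName(searchBase);
        dn.addAll(new LdapName(sr.getName()));
        return dn.toString();
    }

    public static void main(String[] args) throws Exception {
        String base = "dc=example,dc=com";  // constructed sample values throughout
        BasicAttributes none = new BasicAttributes();
        System.out.println(buildEnv("ldap://ldap.example.com:636", "ssl"));
        System.out.println(fullDn(new SearchResult("uid=jdoe,ou=people", null, none), base));
        System.out.println(fullDn(new SearchResult("", null, none), base));
        System.out.println(fullDn(new SearchResult(
                "ldap://other.example.com:389/uid=jdoe,dc=other,dc=com", null, none, false), base));
    }
}
```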

