directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arvind N <Arvin...@citrix.com>
Subject RE: Using LDAPConnection class...
Date Mon, 06 Sep 2010 14:34:55 GMT
> -----Original Message-----
> From: Emmanuel Lecharny [mailto:elecharny@gmail.com]
> Sent: Monday, September 06, 2010 7:54 PM
> To: api@directory.apache.org
> Subject: Re: Using LDAPConnection class...
> 
>   On 9/6/10 4:02 PM, Stefan Seelmann wrote:
> > AD accepts either
> > - the full DN, that looks typically like "cn=Arvind
> > N,cn=Users,dc=MyDomain,dc=com"
> > - or the samAccountName and the domain in format "Arvind N@DOMAIN"
> >
> > @Emmanuel, Kiran:
> > JXplorer makes the same as Apache Directory Studio: It uses JNDI and
> > JNDI accepts a non-DN as principal. I think we should allow the same
> > for the new API. WDYT?
> I wonder if the LDAP API screams if you use "Arvind N@DOMAIN" as a
> principal. Blind guess : we expect a DN, and we throw an excpetion if
> it's not. We can fix that.
> 
> In any case, there is no chance that what Arvin used can work, as it's
> nor a valid DN  (ie a full DN), nor a samAccountName. I guess that
> JExplorer is guessing about the root context to use (ie, it adds
> cn=Users, ... to the given DN).

@Kiran, Emmanuel, Stefan

First of all thanks for the responses..

I think JExplorer is letting the LDAP server (AD in this case) decide the KEY here.
In the ethereal trace I see it just sets the exact string of what I have provided without
putting a key to it as in

He does not do a 
...
DN: cn=Arvind N
..

Rather does a 
... 
DN: Arvind N
...

Also once I get the full DN I will try and use the same and verify if LDAPConnection works
fine.. 
Just checked out the API code to hack more and I see LDAPConnection is an interface now :(

LDAPNetworkConnection seems to have the magic now .. am I missing something ??

Thanks
~Arvind

Mime
View raw message