directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <m...@stefan-seelmann.de>
Subject Re: Toward a 2.0 GA
Date Fri, 11 Jan 2019 19:03:47 GMT
On 1/11/19 11:09 AM, Emmanuel L├ęcharny wrote:
> Hi guys,
> 
> 
> I'm currently checking all the pending JIRAs, trying to evaluate those
> that need to be closed in the coming release, those that are invalid,
> and those that need to be postponed.
> 
> While doing that, I see there are quite a few important ones related to
> TLS and security checks that probably need to be addressed before we cut
> a 2.0 GA (which means the next release with still be a milestone).
> 
> Here are the JIRA I'm interested in, ordered accordingly to some release
> roadmap (mine ;-) :
> 
> To be fixed for the next milestone
> ----------------------------------
> DIRAPI-69, API does not allow StartTLS hostname verification
> DIRAPI-72, Provide a default TrustManager for hostname verification to
> comply with RFC 2830 Section 3.6
> DIRAPI-298, Inconsistent SASL bind API : add the missing bindGssApi()
> method
> DIRAPI-299, Unable to change expired password unless logging in as admin.

I promised a mail regarding TLS some while ago but never wrote it. But
that are the points.

DIRAPI-301 you already fixed, so now the default JVM trust manager is
just, thanks for that.

The hostname verification should also be implemented, I agree. In Studio
that is implemented [1] by using DefaultHostnameVerifier from Apache
HTTP client library which is anyway included in Eclipse. This class does
not exacly what is defined in the LDAP RFC but better than nothing. If
we implement our own verifier in the LDAP API we can change it.

[1]
https://github.com/apache/directory-studio/blob/remove-jndi-provider-and-jndi-layer/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/StudioTrustManager.java#L157

> To be fixed for 2.0GA
> ---------------------
> DIRAPI-136, Add the TLS closure alert support in the API
> DIRAPI-149, LdapNetworkConnection should not create user-Threads
> DIRAPI-202, Can't get LdapConnectionTemplate working
> DIRAPI-237, Make the API threadsafe
> DIRAPI-299, Unable to change expired password unless logging in as admin.
> DIRAPI-300, Weird batchResponse when batchRequest contains grammar error
> DIRAPI-320, ClassCastException on Objects.equals(Value,Value) for
> userPassword attribute

Sounds good. I don't plan beyond that :)

Mime
View raw message