shiro-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <>
Subject [jira] Commented: (SHIRO-127) Improvements to Shiro's LDAP support
Date Thu, 22 Jul 2010 22:53:50 GMT


Emmanuel Lecharny commented on SHIRO-127:

Checking the code at, it's *very* likely that you'll have a lot
of trouble if you don't take care of a few points:

- code like (line 190) :
    if (attr.getID().equals("memberOf")) {
won't work if the attr stores the ID in upper case, or all in lower case. attr.getID() may
return one of these values:
* memberof
* MemberOf
* MeMbErOf
* the OID (I don't know what is the memberOf's OID, but be ready to deal with things like

- when creating a NamingEnumeration, *always* close it, otherwise you'll get some nasty errors
(like very long delays if you are using an LDAP connection pool). Good luck finding the origin
of those delays if you don't know that NE must be closed ...

try {
  <use a NamingEnumeration>
} finally {
  <close the NamingEnumeration>
}

- filters like (line 171) :
String searchFilter = "(&(objectClass=*)(userPrincipalName={0}))";
are strictly equivalent to
String searchFilter = "(userPrincipalName={0})";

Of course, check that the userPrincipalName is indexed, otherwise a search using this filter
will do a full scan...

- be *very* careful when manipulating a DN. For the same reason as in point #1, a DN may
have multiple forms. Using the DN as a String is likely to carry some strange errors too (like
you don't find a match with a given DN). Comparing 2 DNs is *not* something simple, you won't
be able to whip it in less than one week, trust me on that.

If you want a way to identify an entry by an invariant value, don't use the DN, use the entryUUID
attribute. It's unique, it's invariant, it's case-insensitive.

> Improvements to Shiro's LDAP support
> ------------------------------------
>                 Key: SHIRO-127
>                 URL:
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Realms 
>            Reporter: Philippe Laflamme
>         Attachments: shiro-127.patch
> Following this mailing list discussion:

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
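
Added example, not part of the original message or of Shiro's code: a sketch of the first two points in the comment above (matching the attribute ID regardless of case, and closing every NamingEnumeration in a finally block). The class name, the helper valuesOf and the sample entry are hypothetical and constructed for illustration; the OID form of the attribute ID is not handled here.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

public class MemberOfExample {

    // Hypothetical helper: collect the values of the attribute whose ID matches
    // wantedId, whatever case the server used when returning it.
    static List<String> valuesOf(Attributes attrs, String wantedId) throws NamingException {
        List<String> values = new ArrayList<>();
        // NamingEnumeration is not AutoCloseable, so try-with-resources is not
        // available; close it explicitly in finally.
        NamingEnumeration<? extends Attribute> all = attrs.getAll();
        try {
            while (all.hasMore()) {
                Attribute attr = all.next();
                if (!attr.getID().equalsIgnoreCase(wantedId)) {
                    continue;
                }
                NamingEnumeration<?> vals = attr.getAll();
                try {
                    while (vals.hasMore()) {
                        values.add(String.valueOf(vals.next()));
                    }
                } finally {
                    vals.close();
                }
            }
        } finally {
            all.close();
        }
        return values;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample entry; "false" keeps attribute IDs exactly as given.
        Attributes attrs = new BasicAttributes(false);
        Attribute groups = new BasicAttribute("MeMbErOf");
        groups.add("CN=Admins,DC=example,DC=com");
        groups.add("CN=Users,DC=example,DC=com");
        attrs.put(groups);
        attrs.put("cn", "jdoe");
        System.out.println(valuesOf(attrs, "memberOf"));
    }
}
```

A strict attr.getID().equals("memberOf") check would return no groups for this entry, which in a realm means a user silently ends up with no roles.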
