You are viewing a plain text version of this content. The canonical link for it is here.

Posted to api@directory.apache.org by Nick Weaver <NW...@caliberpublicsafety.com> on 2019/04/15 14:01:38 UTC

LDAP API Enhancement Suggestions

Hello,  

  

I've been making use of the LDAP API that's part of the Directory project for
some integration between the program I work with and external LDAP servers,
mainly Active Directory.  The API is easy to understand and use, but it's
missing a small bit of functionality I require; while SASL authentication
works, I didn't find any support for encrypting/decrypting payloads on a
connection that negotiates authentication with integrity and privacy
protection.  I found the SaslFilter class in the DS sub-project and modified
it to work with a SaslClient and modified the LdapNetworkConnection class to
add the SaslFilter once SASL authentication has been confirmed.  I've attached
a file with the modified SaslFilter class, works great for me using
GSSAPI/Kerberos encryption.  So my suggestions:  

  

(1) Add the SaslFilter or your own version of the functionality to the API
(what I have works but you know your API better than I do)  

(2) Possibly add a method to LdapNetworkConnection that enables adding custom
filters to the session post-authentication  

  

Thanks,  

Nick Weaver  

Harriscomputer

|

**Nick Weaver  
** Software Engineer  
P: 336-397-5300 x64308  
F:  
E: NWeaver@caliberpublicsafety.com

|

![](cid:Caliber_PS_left_CMYK_247aef3c-9961-4e6c-a9f4-053e52f0093f.jpg)

|

  
  
, North Carolina  
  
[www.caliberpublicsafety.com](http://www.caliberpublicsafety.com)  
  
---|---|---  
  
This message has been sent on behalf of a company that is part of the Harris
Operating Group of Constellation Software Inc. These companies are listed
[here](http://subscribe.harriscomputer.com/).  
If you prefer not to be contacted by Harris Operating Group [ please notify
us](http://subscribe.harriscomputer.com/).  
  
This message is intended exclusively for the individual or entity to which it
is addressed. This communication may contain information that is proprietary,
privileged or confidential or otherwise legally exempt from disclosure. If you
are not the named addressee, you are not authorized to read, print, retain,
copy or disseminate this message or any part of it. If you have received this
message in error, please notify the sender immediately by e-mail and delete
all copies of the message.  
  
---

Re: LDAP API Enhancement Suggestions

Posted by Emmanuel Lécharny <el...@gmail.com>.

Hi Nick,


thanks for the suggested improvement !


Sadly, the attached code has been striped of by the spam filter. May I 
suggest you create a JIRA 
(https://issues.apache.org/jira/projects/DIRAPI) and attach the patch 
into it ?


Many thanks !