About four years ago, I started on a project using OpenLDAP and Apache LDAP API for LDAP client applications. Due to requirements, we moved away from using stored passwords and configured for client-side certificates (SASL/EXTERNAL). That is when I discovered that the Apache LDAP API did not support SASL/EXTERNAL and that there was an outstanding bug (DIRAPI-105) against that feature.
We undid the SASL/EXTERNAL requirement and failed our requirements with a promise to implement when available. Now I'm off of that project and onto a new one. Again, we have similar requirements. And still, after all these years DIRAPI-105 keeps getting kicked down the road.
So, after that ticket being open for nearly 7 years, I'm just wondering if I should give up hope? It's been quite a long road from the Mxx releases into the RC1 and RC2 and now 1.0.0 and still not supported. I'm really wanting to implement this authentication mechanism (actually, I am anyway) and I'd really like to use the Apache LDAP API but I'm stuck with simple binds if I do.
I'm talking about projects which are pretty big US Navy programs of record where this feature would be very valuable. But I'm just thinking that I need to move on with life. Maybe look at Oracle Unified Directory or something else. Any ideas on that?
Thanks,
-- Frank