Hi !
On 05/05/2020 08:31, Christopher Cudennec wrote:
Hello everyone!
Since this is my first post on this list, I want to say thank you for
your great project!
We want to use ApacheDS as a proxy to another LDAP server and try to
adapt the examples for writing custom interceptors. Can you help us
with the following questions?
(1) Is there a preferred way of registering the new interceptor?
There seems to be some kind of lifecycle management, someone needs to
call the “init” method of the interceptor.
This is done by the DefaultDirectoryServer.initInterceptors() method
which is called when the DS is initialized.
Of course, your interceptor must be in the list of interceptors. We set
a list of default interceptors in setDefaultInterceptorConfigurations()
(if no list is defined), or the addLast() method is called for each
interceptor defined in the config, in the order they are defined.
When adding the new interceptor the the directory service’s
interceptors list by “setInterceptors” the init method is not invoked.
Yes. The interceptors must have been defined before the DS is started.
If you add interceptors after the DS is initialized, then you must call
the interceptor init() function explicitely.
We also tried “addAfter” but that method does something slightly
different. I think it would be nice to have one main entry point for
adding new interceptors.
BTW: “addAfter” of “DefaultDirectoryService” contains a bug. It adds
the new interceptor /before/ and not after another interceptor.
Can you fill a JIRA for that ?
(2) Why does AuthenticationInterceptor not pass “bind” to the next
interceptor?
Because once the authentication is done, there is no reason to do
anything else. But we can change that, because at the end, it does not
matter if no other interceptors are handling the bind event.
Is there a minimum set of interceptors that are absolutely needed for
the LDAP server to work correctly? As AuthenticationInterceptor also
deals with creating a session I would like to reuse the code. But when
I add my proxy interceptor after AuthenticationInterceptor it will not
be invoked for “bind”.
The default list is enough :
list.add( new NormalizationInterceptor() );
list.add( new AuthenticationInterceptor() );
list.add( new ReferralInterceptor() ); // can be disabled if
yiou don't have any referral
list.add( new AciAuthorizationInterceptor() ); // can be
disabkled
list.add( new DefaultAuthorizationInterceptor() );
list.add( new AdministrativePointInterceptor() );
list.add( new ExceptionInterceptor() );
list.add( new SchemaInterceptor() );
list.add( new OperationalAttributeInterceptor() );
list.add( new CollectiveAttributeInterceptor() ); // can be
disablled if you don't have collective attributes
list.add( new SubentryInterceptor() );
list.add( new EventInterceptor() ); // Can be disabled
if you don't have any listener
list.add( new TriggerInterceptor() ); // can be disabled
list.add( new ChangeLogInterceptor() ); // can be disabled
list.add( new JournalInterceptor() ); // can be disabled
(3) What class of ApacheDS is responsible for creating the messageId
and at which point is it created?
The messageID is created by the client, not the server.
(4) Can we also use Github for contributions?
Sure, https://github.com/apache/directory-server
We already have Github accounts so that would be much easier for us. 😊
Thank you very much and best regards,
Christopher
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
