I'm interested in a few of these, specifically #4, as I've seen my share of users struggle to configure LDAP, especially when venturing outside of one of the more common schemas.

#3 naturally falls with #4. I did something similar with Sonatype's Nexus a while back; the code has moved around a bit since then, but you can still find it:
https://github.com/sonatype/nexus-oss/blob/nexus-2.11.x/components/nexus-ldap-common/src/main/java/org/sonatype/security/ldap/realms/AbstractLdapAuthenticationRealm.java

NOTE: this code is EPL

How are you planning on storing/querying permissions?

On Mon, Aug 1, 2016 at 5:34 PM, David Jencks <[email protected]> wrote:

> What is the “Apache LDAP API” you mention in (1)? Something you’re going to write for this realm or something that already exists somewhere else?
>
> thanks
> david jencks
>
> > On Aug 1, 2016, at 2:21 PM, Shawn McKinney <[email protected]> wrote:
> >
> > Hello,
> >
> > I am thinking about creating a new LDAP realm for Shiro that has the following features:
> >
> > 1. usage of Apache LDAP API (rather than JNDI)
> > 2. capability to perform permission based checks
> > 3. capability for role based checks
> > 4. declarative syntax for mapping to a variety of LDAP schemas
> > 5. compatibility with any LDAPv3 impls including OpenLDAP, Apache Directory Server, ActiveDirectory, etc
> >
> > But before I get started I wanted to gauge interest from the Shiro user community. If the idea takes hold, I will likely create under my github account, and if all goes well, will contribute back to this community.
> >
> > The value proposition is to have a fully functioning LDAP realm available for those in need.
> >
> > WDYT?
> >
> > Shawn
