> On Aug 2, 2016, at 9:04 AM, Brian Demers <[email protected]> wrote: > > That is really cool, I'll have to take a closer look at fortress and it looks > like Apache Directory is picking up steam again (Apache DS was a great tool, > i'm looking forward to the updates) >
Yes the project has added many committers of late, along with new sub-projects like fortress (access management), kerby (kerberos implementation), and a SCIM component contributed by Penn State. Eventually apacheds will be fitted with a new backend (mavibot), which will improve stability and performance. > > On Aug 2, 2016, at 9:04 AM, Brian Demers <[email protected]> wrote: > > One caution I have about this is, I'm not sure what percentage of users will > have the ability to update their LDAP servers (in or outside an application). > So in my opinion anything requiring the 'ft' ObjectClasses would have to be > optional. > Good to know. Ideally, the object class and attribute mappings are defined in shiro’s config file, enabling different object classes to be used. It remains to be seen how practical that idea is. i.e. there’s more to permission data structure usage than schema definitions. In any case the ability to map to a variety of structures would be a work-in-progress. The apache ldap api has capabilities here that may be useful. I’ll start with the fortress model and go from there. Shawn
