I think once #3 and #4 are done then #5 almost comes automatically as the user can add the various filters in the ini for the different uses cases. However, there should be a useful set of defaults that work most of the time. In that case, #5 could be implemented as a series of default search filters or one big search filter that included lots of OR statements to account for searching for all the common use cases.
I am for this new realm and I already posted on stackoverflow before seeing this thread http://stackoverflow.com/questions/39679428/is-there-a-generic-way-to-search-for-ldap-groups-with-shiro As you can see, I was disappointed to not find #3, 4, 5 already included in DefaultLdapRealm. With that in mind, could you do it so that 3,4,5 are done in DefaultLdapRealm and then extend it to add #1 in the subclass? That way most of the features are available by default and the subclass is an optional alternative that uses the Apache LDAP API instead of JNDI. I haven't mentioned #2 as I'm not sure if that depends on the API or can be done with JNDI too. -- View this message in context: http://shiro-user.582556.n2.nabble.com/New-LDAP-Realm-Proposal-tp7581200p7581291.html Sent from the Shiro User mailing list archive at Nabble.com.
