I'm all for an improved LDAP realm. The points in the stackoverflow posts are also valid.
Sonatype's Nexus did something similar with their LDAP realm. We had templates for common schemas and usage patterns, authentication only, AD, Posix with dynamic or without static groups, etc.
https://books.sonatype.com/nexus-book/reference/ldap-sect-user-group-mapping.html

NOTE: The Nexus solution used an API that also supported writes, so something done in Shiro would not need to be as involved (I would guess).

If anyone wants to take this on send us a pull request!

-Brian

On Sun, Sep 25, 2016 at 7:55 PM, opticyclic <[email protected]> wrote:

> I think once #3 and #4 are done then #5 almost comes automatically as the
> user can add the various filters in the ini for the different use cases.
> However, there should be a useful set of defaults that work most of the
> time.
> In that case, #5 could be implemented as a series of default search filters
> or one big search filter that included lots of OR statements to account for
> searching for all the common use cases.
>
> I am for this new realm and I already posted on stackoverflow before seeing
> this thread
> http://stackoverflow.com/questions/39679428/is-there-a-generic-way-to-search-for-ldap-groups-with-shiro
>
> As you can see, I was disappointed to not find #3, 4, 5 already included in
> DefaultLdapRealm.
>
> With that in mind, could you do it so that 3,4,5 are done in
> DefaultLdapRealm and then extend it to add #1 in the subclass?
>
> That way most of the features are available by default and the subclass is
> an optional alternative that uses the Apache LDAP API instead of JNDI.
>
> I haven't mentioned #2 as I'm not sure if that depends on the API or can be
> done with JNDI too.
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/New-LDAP-Realm-Proposal-tp7581200p7581291.html
> Sent from the Shiro User mailing list archive at Nabble.com.
