I wanted to wait a bit to gauge community interest on this before spending a bunch of time on it. It appears that it is there. The other constraint is time, as in not enough of it. I’d be open to a combined effort to speed things up.

> On Sep 26, 2016, at 9:20 AM, Brian Demers <[email protected]> wrote:
>
> I'm all for an improved LDAP realm. The points in the stackoverflow posts are
> also valid.
>
> Sonatype's Nexus did something similar with their LDAP realm. We had
> templates for common schemas and usage patterns, authentication only, AD,
> Posix with dynamic or without static groups, etc.
> https://books.sonatype.com/nexus-book/reference/ldap-sect-user-group-mapping.html
>
> NOTE: The Nexus solution used an API that also supported writes, so something
> done in Shiro would not need to be as involved (I would guess)
>
> If anyone wants to take this on send us a pull request!
> -Brian
>
> On Sun, Sep 25, 2016 at 7:55 PM, opticyclic <[email protected]> wrote:
> I think once #3 and #4 are done then #5 almost comes automatically as the
> user can add the various filters in the ini for the different use cases.
> However, there should be a useful set of defaults that work most of the
> time.
> In that case, #5 could be implemented as a series of default search filters
> or one big search filter that included lots of OR statements to account for
> searching for all the common use cases.
>
> I am for this new realm and I already posted on stackoverflow before seeing
> this thread
> http://stackoverflow.com/questions/39679428/is-there-a-generic-way-to-search-for-ldap-groups-with-shiro
>
> As you can see, I was disappointed to not find #3, 4, 5 already included in
> DefaultLdapRealm.
>
> With that in mind, could you do it so that 3,4,5 are done in
> DefaultLdapRealm and then extend it to add #1 in the subclass?
>
> That way most of the features are available by default and the subclass is
> an optional alternative that uses the Apache LDAP API instead of JNDI.
>
> I haven't mentioned #2 as I'm not sure if that depends on the API or can be
> done with JNDI too.
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/New-LDAP-Realm-Proposal-tp7581200p7581291.html
> Sent from the Shiro User mailing list archive at Nabble.com.
