[GLASSFISH-16475] Enhance existing LDAP Realm or define a new LDAP Realm which handles Failover... Created: 27/Apr/11  Updated: 25/Apr/14

Status: Open
Project: glassfish
Component/s: security
Affects Version/s: 4.0
Fix Version/s: future release

Type: New Feature Priority: Major
Reporter: kumarjayanti Assignee: JeffTancill
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Enhance existing LDAP Realm or define a new LDAP Realm which handles Failover and a few other features requested by developers on GF mailing lists. Here are the specific feature requests by GlassFish developers on mailing lists :

1. Failover (among list of replicas/backups),
2. possibly support a Split-LDAP (where part of the user-db is in one store and part of it is in another). This one would be lower priority for us.
3. fix problem with current LDAPRealm w.r.t UserSearch and Anonymous Login :http://forums.java.net/node/735641

The LDAP Login Module in JDK : (http://download.oracle.com/javase/6/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/LdapLoginModule.html)
has support for specifying a list of LDAP URL's (in support for item 1 and developers have indicated that it does not have problem 3 as well).

So one approach is to define a new LDAPRealm that makes use of this JDK LDAP Login Module. Then Parity with existing LDAPRealm in GlassFish in terms of its features will not be an issue. Such a realm can then be provided to developers as a separate download rather than make it part of GlassFish V3.2 code base.



 Comments   
Comment by kumarjayanti [ 27/Apr/11 ]

ADMIN GUI/CLI Impact
------------------

None. Since the Security Module is the one that defines the list of Pre-Defined Realms as a CLI, so the security team would take care of it should we decide to include this as a new Pre-Defined Realm.

The other approach is to fix the existing LDAPRealm in GlassFish to additionally support all these features in which case again there is no Impact on Admin GUI/CLI.

Generated at Thu Mar 05 14:54:51 UTC 2015 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.