Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-3119

Allow to validate connections to LDAP with a different request than a request towards the Root DSE

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.3.2
    • None
    • auth-ldap
    • None

    Description

      In https://issues.apache.org/jira/browse/OAK-2897 the option was introduced to disable the validation of the LDAP connections in the pool.
      But I guess there is a good reason to validate those connections (to prevent all sort of connection issues afterwards).
      So what about making the request which is done to validate the connection configurable? Currently it only issues requests towards the Root DSE, which is often forbidden for specific users (https://github.com/apache/jackrabbit-oak/blob/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/UnboundLookupConnectionValidator.java#L44).
      What about using a request towards the user base DN?

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. OAK-2783 Make LDAP connection pool 'testOnBorrow' configurable

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              Unassigned Unassigned
              kwin Konrad Windszus
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: