directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frank Crow <>
Subject SASL/EXTERNAL binding
Date Thu, 16 Nov 2017 17:35:47 GMT
About four years ago, I started on a project using OpenLDAP and Apache LDAP
API for ldap client applications.   Due to requirements we moved away from
using stored passwords and configured for client-side certificates
(SASL/EXTERNAL).   That is when I discovered that the Apache LDAP API did
not support SASL/EXTERNAL and that there was an outstanding bug
(DIRAPI-105) against that feature.

We undid the SASL/EXTERNAL requirement and failed our requirements with a
promise to implement when available.   Now I'm off of that project and onto
a new one.   Again, we have similar requirements.   And still, after all
these years DIRAPI-105 keeps getting kicked down the road.

So, after that ticket being open for nearly 7 years, I'm just wondering if
I should give up hope?  It's been quite a long road from the Mxx releases
into the RC1 and RC2 and now 1.0.0 and still not supported.   I'm really
wanting to implement this authentication mechanism (actually, I am anyway)
and I'd really like to use the Apache LDAP API but I'm stuck with simple
binds if I do.

I'm talking about projects which are pretty big US Navy programs of record
where this feature would be very valuable.   But I'm just thinking that I
need to move on with life.   Maybe look at Oracle Unified Directory or
something else.

Any ideas on that?


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message