Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1074: Support ldap-server with disabled schema checking #1325

spring-issuemaster opened this Issue Jan 4, 2009 · 4 comments


None yet
1 participant

Aleksander Adamowski(Migrated from SEC-1074) said:

The tag (see http://static.springframework.org/spring-security/site/reference/html/ldap.html#d4e1399) allows starting an embedded Apache DS instance.

The instance has a rudimentary default configuration and that includes a basic schema and has schema checking turned on.

If someone wants to load LDIF data that goes beyond that basic schema, this results in an error.

I suggest adding support for running the Apache DS instance with schema checking disabled. This can be accomplished by removing the SchemaService interceptor from the interceptorConfigurations list (see this post on the Apache Directory users mailing list: http://osdir.com/ml/apache.directory.user/2007-11/msg00011.html).

This behaviour could be regulated by a new attribute of the ldap-server element, named “schemaService” (boolean), defaulting to “true”.

Luke Taylor said:

The ldap-server element is also intended for use with an external server so I’d prefer to avoid having excessive configuration options for the embedded server. It is only intended for basic testing and I want to keep it as simple as possible and not have anything ApacheDS specific there. People can also use their own ApacheDS Spring configuration (they have a namespace too, now) if they want to run an embedded server.

I’m not sure of the exact implications here (the link to the mailing list you’ve posted is now out of date), but I don’t have any objection to modifying the default configuration to remove the schema checking. Could you post an updated link to the message you were referring to, please?

Aleksander Adamowski said:

The link’s OK, but JIRA has decided that the parenthesis is a part of it. Here’s the link again:


Luke Taylor said:

I've modified ApacheDSContainer to use a customized list of interceptors for DefaultDirectoryService. It no longer has the SchemaInterceptor in the list, which should presumably satsify this requirement.

Luke Taylor said:

Wrong fix version

@spring-issuemaster spring-issuemaster added this to the 3.0.0 RC1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment