SEC-1074: Support ldap-server with disabled schema checking #1325

Closed
spring-issuemaster opened this Issue Jan 4, 2009 · 4 comments

1 participant

@spring-issuemaster

Aleksander Adamowski (Migrated from SEC-1074) said:

The tag (see http://static.springframework.org/spring-security/site/reference/html/ldap.html#d4e1399) allows starting an embedded Apache DS instance.

The instance has a rudimentary default configuration and that includes a basic schema and has schema checking turned on.

If someone wants to load LDIF data that goes beyond that basic schema, this results in an error.

I suggest adding support for running the Apache DS instance with schema checking disabled. This can be accomplished by removing the SchemaService interceptor from the interceptorConfigurations list (see this post on the Apache Directory users mailing list: http://osdir.com/ml/apache.directory.user/2007-11/msg00011.html).

This behaviour could be regulated by a new attribute of the ldap-server element, named “schemaService” (boolean), defaulting to “true”.

@spring-issuemaster

Luke Taylor said:

The ldap-server element is also intended for use with an external server so I’d prefer to avoid having excessive configuration options for the embedded server. It is only intended for basic testing and I want to keep it as simple as possible and not have anything ApacheDS specific there. People can also use their own ApacheDS Spring configuration (they have a namespace too, now) if they want to run an embedded server.

I’m not sure of the exact implications here (the link to the mailing list you’ve posted is now out of date), but I don’t have any objection to modifying the default configuration to remove the schema checking. Could you post an updated link to the message you were referring to, please?

@spring-issuemaster

Aleksander Adamowski said:

The link’s OK, but JIRA has decided that the parenthesis is a part of it. Here’s the link again:

http://osdir.com/ml/apache.directory.user/2007-11/msg00011.html

@spring-issuemaster

Luke Taylor said:

I've modified ApacheDSContainer to use a customized list of interceptors for DefaultDirectoryService. It no longer has the SchemaInterceptor in the list, which should presumably satsify this requirement.

@spring-issuemaster

Luke Taylor said:

Wrong fix version

@spring-issuemaster spring-issuemaster added this to the 3.0.0 RC1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment