[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: debugging



--On Friday, May 15, 2015 3:51 PM -0500 Tim Mooney <Tim.Mooney@ndsu.edu> wrote:

In regard to: RE: debugging, Quanah Gibson-Mount said (at 11:13am on
May...:

--On Wednesday, May 13, 2015 6:24 PM +0000 Craig White
<CWhite@skytouchtechnology.com> wrote:

The above log line clearly indicates the client issued a search using a
base of cn=accesslog.  This would be a bug in the java code. ----
Thanks - that was valuable. Despite all configuration to JNDI which says
where to search, the application is choosing to search 'cn=accesslog' -
that was we needed to know.

Using JNDI for LDAP is a very, very bad idea.

On this, I'll take your word and Howard's second as "gospel".

For my own edification and possibly the benefit of the archives, though,
can you go into the reasons *why* it's a bad idea?  I'm not a Java
developer but I have some down the hall from me, so I would like to be
able to back up "it's a very, very bad idea" with more than just "because
Quanah and Howard say so".  That's enough for me, but not for some.

Our Java developers are apparently using something called "ldaptive"
from Virginia Tech, which defaults to using JNDI but can actually sit
on top of the Unbound ID SDK or possibly others.

Years of experience of using JNDI and dealing with its multitude of bugs and the fact the LDAP portion of JNDI is generally unmaintained. The developers who worked on it left Sun/Oracle and went and created UnboundID, but did it from scratch and were able to fix the many deficiencies in JNDI's ldap bits.

see also: <http://www.sfu.ca/~hillman/zimbra-hied-admins/msg00458.html>

for a bug that's *years* old and remains unfixed.

--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration