Menu
I'm working on a Java web application that integrates with a few other external applications that are deployed along with it. Authentication information must be synchronized across everything and the other applications want to authenticate against LDAP. The application will be deployed in environments where there will be no other LDAP server for everything to use; I have to provide it. My solution so far has been to use Penrose Server as a standalone app, which I set up to examine tables in the main application's database and publish LDAP based on that. It works well, but it would be nice to have something that can be embedded into the main application itself to simplify deployment.
It looks like Penrose can be embedded, but the documentation can be a bit spotty or out-of-date (though it seems to be actively developed). It could be an acceptable solution, but if there is another out there that is known to work well in an embedded configuration I might want to check it out.
I'm also concerned about GPL issues with Penrose. I'm not at liberty to GPL the source code for the application. I don't believe it was an issue running it standalone, but embedding it may be no-no... anybody know for sure? A permissive license would be good in order to avoid these issues.
Requirements:
So far I've briefly looked at ApacheDS and OpenDS which seem to be embeddable.
Does anyone have experience with this kind of thing?
882
Spring Boot provides auto-configuration for an embedded server written in pure Java, which is being used for this guide. The ldapAuthentication() method configures things so that the user name at the login form is plugged into {0} such that it searches uid={0},ou=people,dc=springframework,dc=org in the LDAP server.
A user profile in the same organizational unit as the user's LDAP object but with the name cn=LDAP Profile . For example, dc=com/dc=example/cn=Sales/cn=LDAP Profile . A user profile in any parent organizational unit with the name cn=LDAP Profile . For example, dc=com/dc=example/cn=LDAP Profile .
LDAP — or lightweight directory access protocol — is a protocol for accessing directory information services where information such as users and groups is stored.
The embedded LDAP server is the default security provider database for the WebLogic Authentication, Authorization, Credential Mapping and Role Mapping providers.
You should take a look at Apache DS. I just started using it as an embedded server to setup a JUnit test. It's working good so far, the only thing stopping me right now is my limited LDAP knowledge. ApacheDS looks like a decent project and I think it's worth the effort.
96
As this question has been unanswered for quite some time, I'd like to suggest that you also take the commercial license of Penrose into account - it's got a dual license for people just like you, when the GPL implications are prohibitive. I don't know their prices and model, but it might be easier and cheaper to go with a solution that you already know than to get used to another solution that you need to get used to. You can either pay with your money or with your time...
Also - for the records, not applying in this case: When projects use the GPL and you'd like to embed them in a non-GPL way, it might pay to ask the developers for a more permissive license. Some people publish under GPL not thinking about the implications. You might get them to changing the license if this means broader usage of the project. Others specifically want the GPL-implications, but it's always good to ask. Penrose has already thought about this and offers a commercial license.
23
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
