Our LDAP infrastructure happens to have a split directory tree; an LDAP proxy unifies the DITs. Consequently, for us, the search validator does not hit the actual back ends containing credentials, meaning it’s theoretically possible (though unlikely) for the search validator to return “success” when all back ends have failed. The validateOnCheckOut setting looks to have the same limitation (baseDn=“”).
Q: I assume the “old” style of configuring LDAP with Spring Beans is still supported in 4.2.x (cf. https://gist.github.com/serac/5886858). Correct?
Correct.
Q: Given Spring Boot in CAS 5, will it be possible to declare search validator search base, filter and responseTime? Or is code required?
It is possible; just not accounted for. You’re welcome to submit an issue (and the old style is also supported in 5).