[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: debugging

To: Tim Mooney <Tim.Mooney@ndsu.edu>, openldap-technical@openldap.org
Subject: RE: debugging
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Fri, 15 May 2015 13:01:36 -0700
Content-disposition: inline
Dkim-filter: OpenDKIM Filter v2.9.2 edge02.zimbra.com DF47AA62BA
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zimbra.com; s=C2AA288C-EE47-11E2-9BB0-E820BDD9BDBF; t=1431720105; bh=H4pWao849YNutq6mRS5PVYU5U+h/IRccrGk3EGt+JC4=; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type: Content-Transfer-Encoding; b=IQFUKkSsjAILRFv4KPNdjmKBy5r4QVN5Ug6EORiYtEkbHqe20tW2tPuBnd1NiQi7a LkY/ahshkn3rXu4lgihLhQbTWEQMUMd+oewJFY/u2mCN+S1dhoI9JMmB8EFdwKWHUk cRcgvZUOX1Q13yp/KbbEouCinlcoaZNaz3HrYVNA=
In-reply-to: <alpine.SOC.2.11.1505151441030.3140@dogbert.cc.ndsu.NoDak.edu>
References: <SN1PR08MB1743E21047D602C79D5C3FA8B3DA0@SN1PR08MB1743.namprd08.prod.outlook.com> <BB409F882A9F6F3E1C5D7DE2@[192.168.1.9]> <SN1PR08MB174398248BC4AA53A1AC91BCB3D90@SN1PR08MB1743.namprd08.prod.outlook.com> <E21DBCC64A2A6C5678FFD909@[192.168.1.9]> <alpine.SOC.2.11.1505151441030.3140@dogbert.cc.ndsu.NoDak.edu>

--On Friday, May 15, 2015 3:51 PM -0500 Tim Mooney <Tim.Mooney@ndsu.edu>wrote:

In regard to: RE: debugging, Quanah Gibson-Mount said (at 11:13am on
May...:

--On Wednesday, May 13, 2015 6:24 PM +0000 Craig White
<CWhite@skytouchtechnology.com> wrote:

The above log line clearly indicates the client issued a search using a
base of cn=accesslog.  This would be a bug in the java code. ----
Thanks - that was valuable. Despite all configuration to JNDI which says
where to search, the application is choosing to search 'cn=accesslog' -
that was we needed to know.


Using JNDI for LDAP is a very, very bad idea.


On this, I'll take your word and Howard's second as "gospel".

For my own edification and possibly the benefit of the archives, though,
can you go into the reasons *why* it's a bad idea?  I'm not a Java
developer but I have some down the hall from me, so I would like to be
able to back up "it's a very, very bad idea" with more than just "because
Quanah and Howard say so".  That's enough for me, but not for some.

Our Java developers are apparently using something called "ldaptive"
from Virginia Tech, which defaults to using JNDI but can actually sit
on top of the Unbound ID SDK or possibly others.

Years of experience of using JNDI and dealing with its multitude of bugsand the fact the LDAP portion of JNDI is generally unmaintained. Thedevelopers who worked on it left Sun/Oracle and went and created UnboundID,but did it from scratch and were able to fix the many deficiencies inJNDI's ldap bits.


see also: <http://www.sfu.ca/~hillman/zimbra-hied-admins/msg00458.html>

for a bug that's *years* old and remains unfixed.

--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- RE: debugging
  - From: Tim Mooney <Tim.Mooney@ndsu.edu>

References:
- debugging
  - From: Craig White <CWhite@skytouchtechnology.com>
- Re: debugging
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- RE: debugging
  - From: Craig White <CWhite@skytouchtechnology.com>
- RE: debugging
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- RE: debugging
  - From: Tim Mooney <Tim.Mooney@ndsu.edu>

Prev by Date: RE: debugging
Next by Date: OpenLDAP - 2.4.39 , 2-way multimaster replication freezes
Index(es):
- Chronological
- Thread