Halfway converted

Clayton Donley makes a very compelling argument that there is significant value is using a virtual directory even if an application only needs to access a single directory. So call me converted on that point.

Also, I should not have said that it’s not that difficult to write vendor independent LDAP code. It can be very difficult depending on what features are used. As Clayton points out there can be very significant differences between vendors in what should be standard behavior. I suspect there is also significant differences between virtual-directories as well, but I haven’t played with them enough to say for sure.

I often fall into the trap of thinking like a COTS software developer (since that is what I am), and forget the legions of in-house enterprise software developers. For COTS developers, writing vendor neutral LDAP code shouldn’t be that hard and should be the goal. For custom application development writing to a virtual directory may make a lot more sense. Especially if your enterprise has already deployed a virtual-directory.

It would be nice if someone maintained a KB of vendor specific LDAP behavior. If anyone knows of one that exists, please let me know.

And yes, IGF is coming. But it’s not available yet even for Java, much less .NET and scripting language developers.


3 responses to “Halfway converted

  1. I think that application developers should not be writing implementation specific LDAP code. They should be relying on the application server middleware and security container to provide them the roles for their application. This is one of the problems with the way that applications are developed today. Developers should be using declarative security and insulating themselves from the security store by using the security capabilites of the platform that they are running on.

  2. That would be a fine approach for static roles. However LDAP is often used for many more things besides roles, such as profiles, authn, dynamic roles (rules), etc.

  3. I have done everything that you talk about using the underlying middleware and security components provided by the application server platform.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s