
According to the Spring documentation, it's possible to configure an embedded ApacheDS server, which makes testing easy. Is there any reason not to use ApacheDS embedded with Spring in deployment? Is there some kind of limitation for that?

Also, I noticed it's writing to the temp directory /tmp/apacheds-spring-security. Is there a way to configure it?

Elad Tabak

1 Answer


I already participated in a project where an embedded ApacheDS server was used in development and deployment (for a test server). There were two minor problems:

  • If you stop your app incorrectly (for example via Terminate in debug mode or via kill -9) then you need to clean up the /tmp/apacheds-spring-security directory manually. If you leave the temporary files then a runtime exception will be thrown during the next loading of your app.
  • We did not find how to change the default temporary directory (/tmp/apacheds-spring-security).

Hope this helps.

EDIT. For the first problem I ended up with a servlet-api listener. It was declared before the Spring context listener (to ensure execution before Spring and ApacheDS). This listener was responsible for checking and cleaning up /tmp/apacheds-spring-security. Maybe it is not the most elegant solution but it works. It would be better to have a param for this case in ApacheDS, something like -DapacheDSCleanUpWorkDirAtStutup=true.

Maksym Demidas
  • For the first item you mentioned, I did not find a solution yet. But for changing the apacheds temp directory, I found a solution: you can run the server with -DapacheDSWorkDir= – Elad Tabak Jul 04 '13 at 06:44
  • For the first problem I ended up with a servlet-api listener. It was declared before Spring context listener (to ensure execution before Spring and ApacheDS). This listener was responsible for checking and cleaning up /tmp/apacheds-spring-security. Thank you very much for apacheDSWorkDir parameter! – Maksym Demidas Jul 04 '13 at 08:39
  • The real problem, as I see it, is that it does not know how to start with an existing configuration. It means that on each startup, every change regarding users in the ApacheDS is wiped out, and you have to recreate all the changes. That said, you cannot rely on it for deployment (unless you write your own persistence and replicate all the changes, but that's kind of missing the point) – Elad Tabak Jul 08 '13 at 08:34
  • I think you can use it for deployment as is in a case when your application does not modify LDAP content. For example, LDAP content is loaded from an LDIF file at startup and then used only for authentication / authorization. If you want to modify LDAP content in this situation then you need to modify the LDIF file and restart ApacheDS to take the changes into account. – Maksym Demidas Jul 08 '13 at 09:23
  • Exactly. It's only good for static authentication (i.e. a closed set of users and roles). But then, if your users are static, what's the point of having an LDAP server? – Elad Tabak Jul 09 '13 at 07:49
  • Emulate client's internal LDAP server that is not available for dev team during development. – Maksym Demidas Jul 09 '13 at 08:08
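
The startup cleanup listener described in the answer could look like the sketch below. This is an added example, not the answerer's code: the class name `ApacheDsWorkDirCleaner` is hypothetical, the `apacheDSWorkDir` property name comes from the comments above, and the fallback path is the one named on the page. Because the default location is under world-writable /tmp, it refuses to delete through a symbolic link.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.BasicFileAttributes;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;

/** Hypothetical listener; declare it in web.xml before Spring's context listener. */
public class ApacheDsWorkDirCleaner implements ServletContextListener {

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        // Assumption: same property the embedded server reads; fallback is the path from the page.
        Path workDir = Paths.get(
                System.getProperty("apacheDSWorkDir", "/tmp/apacheds-spring-security"));
        try {
            cleanWorkDir(workDir);
        } catch (IOException e) {
            sce.getServletContext().log("Could not clean " + workDir, e);
        }
    }

    static void cleanWorkDir(Path workDir) throws IOException {
        if (!Files.exists(workDir, LinkOption.NOFOLLOW_LINKS)) {
            return; // previous shutdown was clean, nothing left behind
        }
        // A symlink or plain file at this path is unexpected: do not delete through it.
        if (!Files.isDirectory(workDir, LinkOption.NOFOLLOW_LINKS)) {
            throw new IOException(workDir + " is not a real directory, refusing to delete");
        }
        // walkFileTree does not follow symlinks by default, so links inside
        // the directory are removed themselves rather than traversed.
        Files.walkFileTree(workDir, new SimpleFileVisitor<Path>() {
            @Override
            public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException {
                Files.delete(file);
                return FileVisitResult.CONTINUE;
            }

            @Override
            public FileVisitResult postVisitDirectory(Path dir, IOException exc) throws IOException {
                if (exc != null) throw exc;
                Files.delete(dir);
                return FileVisitResult.CONTINUE;
            }
        });
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) { }
}
```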