[Pki-devel] UnboundID Java LDAP SDK
Nathan Kinder
nkinder at redhat.com
Thu Feb 16 23:32:01 UTC 2012
On 02/16/2012 02:25 PM, Andrew Wnuk wrote:
> On 02/16/2012 01:55 PM, Nathan Kinder wrote:
>> We might want to look into what can be gained by switching from using
>> the Mozilla LDAP JDK in Dogtag to the UnboundID Java LDAP SDK. The
>> UnboundID SDK is actively maintained, and has support for quite a few
>> things that the Mozilla LDAP JDK is lacking. I also found this blog
>> posting by Neil Wilson (the main developer of the UnboundID SDK),
>> which shows performance comparisons of many Java LDAP SDKs, including
>> Mozilla's:
>>
>>
>> http://www.dirmgr.com/blog/2011/5/31/comparing-java-ldap-sdk-performance.html
>>
>> I'd recommend looking at the above blog post to see the results, but
>> the UnboundID SDK is significantly faster than the Mozilla LDAP JDK
>> in all tests.
>>
>> The UnboundID Java LDAP SDK would need to be packaged for Fedora, but
>> that would be a pretty easy undertaking. It is available under GPLv2
>> and LGPLv2.1. I do not know how big an effort porting would be, but
>> it may very well be worthwhile to switch. I've opened the following
>> ticket in trac to look into this some more:
>>
>> https://fedorahosted.org/pki/ticket/102
>>
>> -NGK
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel
>
> From the very brief look at UnboundID, its crypto implementation may
> not be flexible enough.
It looks like the LDAPConnection class in the UnboundID SDK just needs a
SocketFactory passed in for SSL/TLS support:
http://www.unboundid.com/products/ldapsdk/docs/javadoc/com/unboundid/ldap/sdk/LDAPConnection.html
It seems to me that it would be pretty easy to write a SocketFactory
that uses JSS to create the sockets (if this isn't done elsewhere
already). Doing a search on this, I see that Adam did this in a test
previously last year:
http://adam.youglogic.com/2011/09/jss-sockets-and-httpclient
Would there be value in adding a SocketFactory class to JSS itself? It
could be useful to other projects.
-NGK
>
> Andrew
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list