Update ldaptive to 1.0.7
Activity
Daniel Fisher October 22, 2015 at 3:58 AM
Reverted addition of AuthnEventsIds.AUTHN_ERROR in r7856.
Throw LdapException if authentication fails and account state isn't set.
Daniel Fisher October 16, 2015 at 4:04 AM
Fixed in 1f0dbea590bc9f74854c276114729ee74fbe296c and r7830.
1.0.7 supports returning LDAP authentication responses in cases where the LDAP returns a result code that is not success or invalid credentials.
(More password policy implementations...)
ValidateUsernamePasswordAgainstLDAP now uses AuthnEventsIds.AUTHN_ERROR for this case.
A better name probably exists for this particular case.
Scott Cantor May 1, 2015 at 1:56 PM
That's the sort of determination that we'd need input on from the actual library author, which isn't always so easy to get. If we think the changes are such that it's low risk to update, then we can make a policy exception, but that doesn't mean the policy itself is wrong; it should guide us but not straitjacket us.
When I looked at the report, the only thing I could really learn without inside knowledge is, hey, lots of stuff changed and APIs were removed. I don't have the context to know how the changes impact people.
Daniel Fisher May 1, 2015 at 4:01 AM
In the case of ldaptive it's definitely part of our API since we support the use of custom wiring to use advanced features, so there's not much leeway.
OK. I just wanted some clarification in terms of versioning. I think the existing policy is too strict. In this case the only deployers affected would be those who wrote custom implementations of various components. (With the exception of the changes to Request, which I'm considering reverting...) My guess is that number is approaching zero. I think there is a better balance to be struck between progress and stability. Admittedly, I don't know what that language should be.
Nevertheless, I think the best solution in this case is for me to migrate the core library over to github since that is the only dependency currently in the IDP. That will allow me to apply security fixes to 1.0.x for the foreseeable future.
Daniel Fisher April 29, 2015 at 2:14 AM
Driving forces for this change:
Google code is shutting down
Transitioning the 1.0.x codebase requires SVN due to its project layout
1.0.x is a Java 6 project
Would like the IDP to receive feature updates as they become available
Tracking the details related to a minor version update of ldaptive.
I used a tool called the Java API compliance checker to help better understand the API implications of this change.
See the attached report.