什么是好的嵌入式 Java LDAP 服务器?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/337756/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
What is a good embeddable Java LDAP server?
提问by aaronroyer
I'm working on a Java web application that integrates with a few other external applications that are deployed along with it. Authentication information must be synchronized across everything and the other applications want to authenticate against LDAP. The application will be deployed in environments where there will be no other LDAP server for everything to use; I have to provide it. My solution so far has been to use Penrose Serveras a standalone app, which I set up to examine tables in the main application's database and publish LDAP based on that. It works well, but it would be nice to have something that can be embedded into the main application itself to simplify deployment.
我正在开发一个 Java Web 应用程序,该应用程序与一些与其一起部署的其他外部应用程序集成。身份验证信息必须在所有内容之间同步,并且其他应用程序想要针对 LDAP 进行身份验证。该应用程序将部署在没有其他 LDAP 服务器可供使用的环境中;我必须提供它。到目前为止,我的解决方案是使用Penrose Server作为独立应用程序,我将其设置为检查主应用程序数据库中的表并基于此发布 LDAP。它运行良好,但如果可以将某些内容嵌入到主应用程序本身以简化部署,那就太好了。
It looks like Penrose can be embedded, but the documentation can be a bit spotty or out-of-date (though it seems to be actively developed). It could be an acceptable solution, but if there is another out there that is known to work well in an embedded configuration I might want to check it out.
看起来 Penrose 可以嵌入,但文档可能有点参差不齐或过时(尽管它似乎正在积极开发)。这可能是一个可接受的解决方案,但如果有另一个已知在嵌入式配置中运行良好的解决方案,我可能想检查一下。
I'm also concerned about GPL issues with Penrose. I'm not at liberty to GPL the source code for the application. I don't believe it was an issue running it standalone, but embedding it may be no-no... anybody know for sure? A permissive license would be good in order to avoid these issues.
我还担心 Penrose 的 GPL 问题。我不能随意使用 GPL 应用程序的源代码。我不相信独立运行它是一个问题,但嵌入它可能是不行的......有人肯定知道吗?为了避免这些问题,宽松的许可证会很好。
Requirements:
要求:
- LDAP v3
- Must be able to be have the directory contents updated while running, either programmatically or by another means like syncing with the database as Penrose does
- Easy to configure (no additional configuration for the app at deployment time would be ideal)
- LDAP v3
- 必须能够在运行时更新目录内容,无论是通过编程方式还是通过其他方式,例如像 Penrose 那样与数据库同步
- 易于配置(在部署时无需对应用程序进行额外配置是理想的)
So far I've briefly looked at ApacheDSand OpenDSwhich seem to be embeddable.
到目前为止,我已经简要介绍了ApacheDS和OpenDS,它们似乎是可嵌入的。
Does anyone have experience with this kind of thing?
有没有人有这种事情的经验?
回答by cringe
You should take a look at Apache DS. I just started using it as an embedded serverto setup a JUnit test. It's working good so far, the only thing stopping me right now is my limited LDAP knowledge. ApacheDS looks like a decent project and I think it's worth the effort.
你应该看看Apache DS。我刚开始将它用作嵌入式服务器来设置 JUnit 测试。到目前为止,它运行良好,现在唯一阻止我的是我有限的 LDAP 知识。ApacheDS 看起来是一个不错的项目,我认为值得付出努力。
回答by Olaf Kock
As this question has been unanswered for quite some time, I'd like to suggest that you also take the commercial license of Penrose into account - it's got a dual license for people just like you, when the GPL implications are prohibitive. I don't know their prices and model, but it might be easier and cheaper to go with a solution that you already know than to get used to another solution that you need to get used to. You can either pay with your money or with your time...
由于这个问题已经有很长一段时间没有答案了,我建议您也考虑一下 Penrose 的商业许可 - 当 GPL 的影响令人望而却步时,它为像您这样的人提供了双重许可。我不知道他们的价格和型号,但是使用您已经知道的解决方案可能比习惯另一个您需要习惯的解决方案更容易、更便宜。你可以用你的钱或你的时间来支付...
Also - for the records, not applying in this case: When projects use the GPL and you'd like to embed them in a non-GPL way, it might pay to ask the developers for a more permissive license. Some people publish under GPL not thinking about the implications. You might get them to changing the license if this means broader usage of the project. Others specifically want the GPL-implications, but it's always good to ask. Penrose has already thought about this and offers a commercial license.
另外 - 作为记录,在这种情况下不适用:当项目使用 GPL 并且您想以非 GPL 方式嵌入它们时,可能需要向开发人员索取更宽松的许可证。有些人在 GPL 下发布,没有考虑其含义。如果这意味着项目的更广泛使用,您可能会让他们更改许可证。其他人特别想要 GPL 的含义,但询问总是好的。Penrose 已经考虑到了这一点,并提供了商业许可。
回答by Andrew Swan
I've never done it myself, but you can use Spring Security to easily set up an embedded Apache Directory server, with minimal Spring XML config required.
我自己从未做过,但您可以使用 Spring Security 轻松设置嵌入式 Apache Directory 服务器,只需要最少的 Spring XML 配置。
回答by Gareth Davis
I've just spent a couple of days looking into exposing our internal application user db as an LDAP service. I looked initially at apache-ds, while it seems to be a very powerful directory service extending it to expose a relational db is mind numbingly complex.
我刚刚花了几天时间研究将我们的内部应用程序用户 db 公开为 LDAP 服务。我最初看的是 apache-ds,虽然它似乎是一个非常强大的目录服务,但扩展它以公开关系数据库却是令人麻木的复杂。
Have settled on penrose as it seems to offer a pretty good solution, managed to prototype a solution in about 2 hours.
选择了彭罗斯,因为它似乎提供了一个很好的解决方案,并设法在大约 2 小时内制作出解决方案的原型。
