Hi Saul, I'm happy to wait until Friday, but check your request queue before you make the change yourself as I may submit one. I've made the change on my own fork, but I've only changed the function definition from private to public; I haven't looked into the changes required for testing and documentation. Like about every other geek in the world I'm time-poor and spending much of my spare time learning Clojure (*while* writing my first app). It would be a good exercise though, so, as I said, check your requests.
I'd probably prefer the approach I described partly to keep the overhead of decryption on the LDAP server rather than on my application server. Strictly speaking from ignorance, I'd guess that the LDAP server would perform the decryption a little faster, and with a smaller memory footprint. Also, binding to the LDAP server means that your application only needs to know how to negotiate a secure connection over LDAPS, irrespective of the encryption scheme used on the directory server, removing the requirement to build in support for every scheme likely to be encountered in the wild (which might also introduce legal complications). On the other hand, your method requires fewer trips, but I'm not sure how much impact it would have if it were independent of web traffic and over a fast local connection.

Paul

On Mar 15, 9:46 pm, Saul Hazledine <shaz...@gmail.com> wrote:
> On Mar 15, 1:30 am, Paul Dorman <paul.dor...@gmail.com> wrote:
>
> > Hi Saul,
>
> > I would like to implement an LDAP authentication in Clojure, based
> > around clj-ldap. Do you think it is necessary for the bind-request
> > function to be private? In LDAP v3 bind requests can be sent at any
> > time during a connection, so I can run a small connection pool for
> > authentication without the overhead of creating a new connection every
> > time someone authenticates. My plan is to take the UID and password,
> > search the directory for the matching DN, and then bind with that DN
> > given the provided password.
>
> > changes
>
> I had no idea you could do that - cool.
>
> One thought though is that it may be quicker simply to do a lookup on the
> directory server, obtain the password and then do a compare. In
> OpenLDAP, posixUser uids are indexed by default. Java libraries are
> available for most password encryption algorithms. This is the
> approach I use - do you know of any problems with my method?
>
> > Any enormous flaws in this approach? More specifically, would you
> > consider a public bind-request function in an upcoming release?
>
> I can see no flaws with your approach. I can do this on Friday if you
> don't mind waiting. Otherwise, if you want to make the changes
> yourself to the master branch, do a pull request and I'll gladly merge
> in the new functionality.
>
> Saul
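The search-then-bind flow discussed in this thread, as an added example that is not code from the thread or from clj-ldap. It is written in Python against two injected callables, `search_fn` and `bind_fn`, which are hypothetical stand-ins for a real LDAP client; the directory entries are constructed sample data. It shows two checks the flow needs: RFC 4515 escaping of the UID in the search filter, and rejecting empty passwords before binding.

```python
import re

# RFC 4515 escapes for characters that are special inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape user input before placing it in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def authenticate(uid, password, search_fn, bind_fn):
    """Search for the DN matching uid, then bind as it. Returns the DN or None.

    search_fn(filter_str) -> list of DNs and bind_fn(dn, password) -> bool
    are assumed interfaces, not a real library's API.
    """
    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2); servers may report it as success.
    if not uid or not password:
        return None
    dns = search_fn("(uid=%s)" % escape_filter_value(uid))
    # Exactly one entry must match; zero or several means no login.
    if len(dns) != 1:
        return None
    return dns[0] if bind_fn(dns[0], password) else None


# Constructed in-memory directory standing in for the LDAP server.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=org": ("alice", "correct horse"),
    "uid=bob,ou=people,dc=example,dc=org": ("bob", "hunter2"),
}


def fake_search(filter_str):
    # Toy matcher for "(uid=...)": an unescaped '*' acts as a wildcard.
    pattern = filter_str[len("(uid="):-1]
    regex = re.escape(pattern).replace(r"\*", ".*")
    return [dn for dn, (uid, _) in DIRECTORY.items() if re.fullmatch(regex, uid)]


def fake_bind(dn, password):
    # Simulates a server that accepts unauthenticated (empty-password) binds.
    return password == "" or DIRECTORY[dn][1] == password
```

When binds are issued on pooled connections, a successful bind leaves that connection authenticated as the user until the next bind, so the pool used for authentication should not also serve privileged lookups.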