[ https://issues.apache.org/jira/browse/FTPSERVER-391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12931716#action_12931716 ]
Andrey Domas commented on FTPSERVER-391:
----------------------------------------
2Kiran:
Of course a properly configured LDAP server must prohibit the reading of the
attribute with the password. In this case, authentication via LDAP can be
implemented through binding. If we (FTP server) know the unencrypted
password (from the FTP session) and a user successfully bound to the LDAP
server, the password is correct and it can be cached.
Why cache a password? For performance.
For a site with thousands of new sessions per minute on one server it is very
important.
Caching everything except the password covers 50% of LDAP requests; with
password caching, 100% of requests.
> LDAP support
> ------------
>
> Key: FTPSERVER-391
> URL: https://issues.apache.org/jira/browse/FTPSERVER-391
> Project: FtpServer
> Issue Type: New Feature
> Components: Core
> Reporter: Andrey Domas
> Fix For: 1.1.0
>
> Attachments: mina-1.1.0-ldap.patch
>
>
> Patch with cached LDAP support.
> Features:
> * Authentication and authorization from LDAP (JNDI client implementation).
> * Cache for the search results in a directory for authentication (password
> is cached on a successful bind).
> Cache options:
> - ttl - time to live of the object in the cache (seconds)
> - size - max. cache size (number of the objects)
> - check-interval - interval of the periodic cleaning job (search and
> remove expired objects, seconds)
> * User preferences received from LDAP attributes:
> username
> home directory
> enabled - if present then the user has the login permission
> write permission - if present then the user has the write permission
> under home directory
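The bind-then-cache scheme described in the comment above, as an added example that is not taken from mina-1.1.0-ldap.patch (whose contents are not shown here): the cache keeps a salted PBKDF2 verifier per user instead of the cleartext password, with the ttl and size options from the issue description. The names `BindCache`, `Verifier` and `ldapBind`, the PBKDF2 parameters and the sample user are assumptions; the periodic check-interval cleanup job is omitted; Java 16+ is assumed for the record.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.BiPredicate;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class BindCache {
    private record Verifier(byte[] salt, byte[] hash, long expiresAt) {}
    private final BiPredicate<String, char[]> ldapBind; // hypothetical stand-in for a JNDI simple bind
    private final long ttlMillis;
    private final Map<String, Verifier> cache;
    private final SecureRandom rng = new SecureRandom();
    public BindCache(BiPredicate<String, char[]> ldapBind, long ttlSeconds, int maxEntries) {
        this.ldapBind = ldapBind;
        this.ttlMillis = ttlSeconds * 1000;
        this.cache = new LinkedHashMap<>(16, 0.75f, true) { // access order: LRU eviction
            @Override protected boolean removeEldestEntry(Map.Entry<String, Verifier> e) {
                return size() > maxEntries; // the "size" cache option
            }
        };
    }

    public synchronized boolean authenticate(String user, char[] password) throws Exception {
        if (password.length == 0) return false; // many servers accept an empty-password bind as anonymous
        long now = System.currentTimeMillis();
        Verifier v = cache.get(user);
        if (v != null && now < v.expiresAt()
                && MessageDigest.isEqual(v.hash(), derive(password, v.salt()))) return true; // cache hit
        if (!ldapBind.test(user, password)) return false; // miss, expired or mismatch: directory decides
        byte[] salt = new byte[16];
        rng.nextBytes(salt);
        cache.put(user, new Verifier(salt, derive(password, salt), now + ttlMillis));
        return true;
    }
    private static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256); // iteration count is an assumption
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    public static void main(String[] args) throws Exception {
        int[] binds = {0}; // constructed stand-in directory: one user, counts bind attempts
        BindCache c = new BindCache((u, p) -> {
            binds[0]++;
            return u.equals("alice") && new String(p).equals("s3cret");
        }, 60, 1000);
        for (String pw : new String[] {"s3cret", "s3cret", "wrong", ""})
            System.out.println(c.authenticate("alice", pw.toCharArray()) + " binds=" + binds[0]);
    }
}
```

A password changed or an account disabled in the directory keeps authenticating against the cache until the entry expires, so the ttl value is also the revocation window.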