In regard to: RE: debugging, Quanah Gibson-Mount said (at 11:13am on May...:
--On Wednesday, May 13, 2015 6:24 PM +0000 Craig White CWhite@skytouchtechnology.com wrote:
The above log line clearly indicates the client issued a search using a base of cn=accesslog. This would be a bug in the java code. ---- Thanks - that was valuable. Despite all configuration to JNDI which says where to search, the application is choosing to search 'cn=accesslog' - that was we needed to know.
Using JNDI for LDAP is a very, very bad idea.
On this, I'll take your word and Howard's second as "gospel".
For my own edification and possibly the benefit of the archives, though, can you go into the reasons *why* it's a bad idea? I'm not a Java developer but I have some down the hall from me, so I would like to be able to back up "it's a very, very bad idea" with more than just "because Quanah and Howard say so". That's enough for me, but not for some.
Our Java developers are apparently using something called "ldaptive" from Virginia Tech, which defaults to using JNDI but can actually sit on top of the Unbound ID SDK or possibly others.
Tim