Using LDAP across Servers without copying the necessary Jars

Question

LDAP authentication in different J2EE servers is different, unfortunately.

Eg. If I develop a code in JBoss for LDAP authentication with LDAP login module of JBoss, 99% chances are that it will not run in WebSphere or any other J2EE containers. Maybe if I import that library jar files, it might work. I’m looking at just porting the application and not having to worry about library files, unless we have written the libraries. Libraries of J2EE servers must not be copied from one server to the other. I don’t know if that could be called code ethics!!

Is there a J2EE server independent module for LDAP or way of programming for doing this?

Is the solution – code from scratch using JNDI the only method? Please advice.

Answer 1

I'd suspect that most J2EE container already have an LDAP module for the authentication, in which case the problem you're having isn't really about programming, but about adapting the configuration from one container to another. Little to no actual code should be required for this. It's not clear why you would develop your own code for LDAP authentication then.

If you really want this configuration to be container independent, you'll certainly need to embed the authentication within the webapp itself. The Restlet framework, for example, can do that, but it's part of a wider architectural choice, which may or may not be what you're after.

Even if you program your own LDAP code via JNDI or JAAS for example, you're likely to have to tweak the configuration of the container, perhaps for its security manager to let the connections to your LDAP server through (if enabled) or at least to configure which LDAP server to use when deploying the application.

I think in the general case, it's probably wiser to use the container's module (which will vary depending on the container). It ultimately depends on how you configure your webapps when deploying them.