<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">The point of the examples is to show
Keycloak features. For LDAP, it's about showing how to configure the
LDAP Federation provider and mappers. For Kerberos, it's SPNEGO
authentication with credential delegation used in the app.<br>
<br>
IMO for examples it doesn't matter if you use a "real"
production-ready LDAP server or not. The mappers etc. should work with any
LDAP server vendor. The only reason for ApacheDS is that it's Java
based and easy to run for a "hello-worldish" scenario.<br>
<br>
It's the same as Wildfly using H2 by default because it's Java based
without any setup required; however, in production you will switch
to some different "real" database.<br>
<br>
Marek<br>
<br>
On 25/01/16 18:58, Stian Thorgersen wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAfAULg_HiFWZiyJoM1ahRa4mAQQB0jTw8bO7QAqdd23dw@mail.gmail.com"
type="cite">
<div dir="ltr">We will keep it as is for now, that's for sure; we
have other things to focus on right now.
<div><br>
</div>
<div>Personally at least I don't see much value in an example
that doesn't use a real LDAP server. I wonder if anyone
actually uses that example at all.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 25 January 2016 at 17:37, Marek
Posolda <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Just looked at this possibility. It would mean a much
bigger number of steps for people to try out the examples. <br>
<br>
For classic LDAP they will need to: download from the
webpage, unzip, run, import the LDIF file.<br>
<br>
However, for Kerberos it's many more steps, as the default
ApacheDS setup doesn't have Kerberos enabled. So
additionally they need to download Apache Directory
Studio (more than 100 MB download), enable the Kerberos
server through Directory Studio, configure interceptors,
SASL principal etc.<br>
<br>
The current programmatic configuration used in the examples
means that people can run the embedded ApacheDS server
in a single step through mvn exec:java. Much less pain
and a much easier setup.<br>
<br>
Is the separate util/embedded-ldap module really such a big
issue? Despite manual download and setup, the other
possibility to get rid of it may be to duplicate some
code for ApacheDS setup into the examples themselves. It
would mean some code duplication, however the
util/embedded-ldap module would be removed. <br>
<br>
Still, I don't like the duplication; my preferred option
is to keep it as it is.<span class="HOEnZb"><font
color="#888888"><br>
<br>
Marek</font></span>
<div>
<div class="h5"><br>
<br>
On 25/01/16 13:07, Stian Thorgersen wrote:<br>
</div>
</div>
</div>
<div>
<div class="h5">
<blockquote type="cite">
<div dir="ltr">I know, but the examples should get
ApacheDS from <a moz-do-not-send="true"
href="https://directory.apache.org/apacheds/"
target="_blank">https://directory.apache.org/apacheds/</a>,
not a hacked/modified version.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 25 January 2016 at
12:58, Marek Posolda <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:mposolda@redhat.com"
target="_blank">mposolda@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Sure, ApacheDS is exactly what we're
using in the examples and what's used by
the testsuite by default. Module
util/embedded-ldap has a dependency on
apache-ds and it's just adding a few
additional fixes and enhancements.<span><font
color="#888888"><br>
<br>
Marek</font></span>
<div>
<div><br>
<br>
On 25/01/16 12:48, Stian Thorgersen
wrote:<br>
</div>
</div>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">Shouldn't the examples
be based on a real LDAP server
instead? For example <a
moz-do-not-send="true"
href="https://directory.apache.org/apacheds/"
target="_blank">https://directory.apache.org/apacheds/</a>?</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 25
January 2016 at 12:36, Marek
Posolda <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:mposolda@redhat.com"
target="_blank">mposolda@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF"
text="#000000"><span>
<div>On 21/01/16 13:19,
Stian Thorgersen wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">util/embedded-ldap
can we move this to
testsuite?</div>
</blockquote>
</span> It's used by both
testsuite and examples ("ldap"
and "kerberos" examples). <br>
<br>
That was the main motivation to
move them to a separate module,
so examples are not dependent
on testsuite.<span><font
color="#888888"><br>
<br>
Marek</font></span>
<div>
<div><br>
<blockquote type="cite">
<div class="gmail_extra"><br>
<div
class="gmail_quote">On
21 January 2016 at
13:18, Stian
Thorgersen <span
dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0
0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div dir="ltr">saml/saml-core
I take it that's
used by client
and server?
Should we just
move saml-core
to the root?
Seems
unnecessary to
have a parent
module with only
one module
inside.</div>
<div>
<div>
<div
class="gmail_extra"><br>
<div
class="gmail_quote">On
21 January
2016 at 13:08,
Stian
Thorgersen <span
dir="ltr">&lt;<a
moz-do-not-send="true" href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div dir="ltr"><br>
<div
class="gmail_extra"><br>
<div
class="gmail_quote"><span>On
20 January
2016 at 23:27,
Bill Burke <span
dir="ltr">&lt;<a
moz-do-not-send="true" href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">"backends"
(jpa, mongo,
infinispan)
were
consolidated
under<br>
keycloak-model-(jpa,
mongo,
infinispan).<br>
<br>
Integration
module was
moved around
into:<br>
adapters/<br>
adapters/oidc<br>
adapters/saml<br>
spi/<br>
<br>
connections,
broker,
social, events
etc. were
consolidated.<br>
<br>
Modules I did
not
consolidate:<br>
<br>
federation/*<br>
<br>
I kept
federation
separate as
I'm wondering
what will
happen with<br>
kerberos and
IBM JDK. LDAP
module depends
on kerberos,
so I kept that<br>
separate too.<br>
<br>
events/syslog<br>
</blockquote>
<div><br>
</div>
</span>
<div>I'm
deleting this.
Shouldn't have
been added in
the first
place as
syslog can be
done with the
syslog
appender for
regular
logging.
Besides no one
actually
requested it.</div>
<span>
<div> </div>
<blockquote
class="gmail_quote"
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<br>
Not sure if
this is
something we
was removable
or not as it
depends on a<br>
thirdparty
library.<br>
<br>
client-registration/*<br>
</blockquote>
<div><br>
</div>
</span>
<div>Moved to
integration.
It's client
lib for client
registration
service.</div>
<div> </div>
<blockquote
class="gmail_quote"
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
wildfly/*<br>
</blockquote>
<div><br>
</div>
<div>Needs to
stay as is.
It's all
specifics to
WF and they
can't be
combined.</div>
<span>
<div> </div>
<blockquote
class="gmail_quote"
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<br>
I don't know
much about
these modules
so I kept them
separate.<br>
Stian/Marko
can decide
what they want
to do here.<br>
<span><font
color="#888888"><br>
--<br>
Bill Burke<br>
JBoss, a
division of
Red Hat<br>
<a
moz-do-not-send="true"
href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
<br>
_______________________________________________<br>
keycloak-dev
mailing list<br>
<a
moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</font></span></blockquote>
</span></div>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>