The classes in the AEM/CQ LDAP API (com.day.ldap.*) are all imported from the Netscape library, which Netscape developed around 1999-2000. The library hasn't evolved with time and now seems to have several issues.
We had an implementation that had to run over SSL and use the ldaps protocol to communicate between CQ and LDAP, but the library failed to do that. Upon inquiring with Adobe, they acknowledged the issue and asked us to use the Apache LDAP library for these connections. We implemented the code, which essentially created users in LDAP and then synced them to CQ5.
The Apache library seems to have its own bugs (LDAP pool management and opening and closing sessions), and some of them become evident as you start putting load on the system. Developers are not very active on the Apache library either, and it is a relatively new library.
In the end, after many hours spent, we are now using UnboundID with no issues, and it seems to adapt quite well to the use case. We have encountered no issues, and there are enough examples and pointers on the internet on how to use the library. Some of the example code that we developed for both Apache and UnboundID will be posted in the next few blog posts.
All in all, if someone is looking to do some LDAP operations with AEM, I would advise you not to go with the CQ library at all. Apache is OK to use if your user base is quite small, but go for UnboundID without a doubt, as it is a well-matured library.
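
For the ldaps user-creation use case described above, here is a sketch with the UnboundID LDAP SDK that validates the server certificate and uses a connection pool. It is an added example, not the code from this project; the class name, host, DNs, attribute set, pool sizes and trust store path are assumptions.

```java
import com.unboundid.ldap.sdk.*;
import com.unboundid.util.ssl.HostNameSSLSocketVerifier;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustStoreTrustManager;

// Added example: class name, attribute set and pool sizes are assumptions.
public class LdapsUserCreator implements AutoCloseable {
    private final LDAPConnectionPool pool;

    public LdapsUserCreator(String host, int port, String bindDn, String bindPw,
                            String trustStorePath) throws Exception {
        // Trust only CAs in the given store; TrustAllTrustManager would accept any certificate.
        SSLUtil ssl = new SSLUtil(new TrustStoreTrustManager(trustStorePath));
        LDAPConnectionOptions opts = new LDAPConnectionOptions();
        // Also require the certificate to match the host name we connect to.
        opts.setSSLSocketVerifier(new HostNameSSLSocketVerifier(true));
        LDAPConnection first = new LDAPConnection(
                ssl.createSSLSocketFactory(), opts, host, port, bindDn, bindPw);
        // The pool owns its connections: 2 opened up front, at most 10.
        pool = new LDAPConnectionPool(first, 2, 10);
    }

    /** Returns true if the entry was created, false if it already existed. */
    public boolean createUser(String baseDn, String uid, String cn, String sn,
                              String mail) throws LDAPException {
        // Build the DN from an RDN object so special characters in uid are escaped.
        DN dn = new DN(new RDN("uid", uid), new DN(baseDn));
        Entry entry = new Entry(dn,
                new Attribute("objectClass", "top", "person",
                        "organizationalPerson", "inetOrgPerson"),
                new Attribute("uid", uid), new Attribute("cn", cn),
                new Attribute("sn", sn), new Attribute("mail", mail));
        try {
            pool.add(entry); // connection is checked out and returned by the pool
            return true;
        } catch (LDAPException e) {
            if (ResultCode.ENTRY_ALREADY_EXISTS.equals(e.getResultCode())) return false;
            throw e;
        }
    }

    @Override public void close() { pool.close(); }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder values; replace with your directory's settings.
        try (LdapsUserCreator c = new LdapsUserCreator("ldap.example.com", 636,
                "cn=admin,dc=example,dc=com", System.getenv("LDAP_BIND_PW"),
                "/path/to/truststore.jks")) {
            System.out.println(c.createUser("ou=people,dc=example,dc=com",
                    "jdoe", "John Doe", "Doe", "jdoe@example.com"));
        }
    }
}
```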