directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject Re: Virtual Directory (or LDAP Proxy)
Date Mon, 07 Feb 2005 07:35:40 GMT
Adison Wongkar wrote:

>Hi Alex,
>I see you have the "interceptor chain". I've actually been wondering whether
>it would be most efficient to implement the virtual directory as "backend"
>or as "interceptor".
Well a combination of approaches can be used. You can wrap backends 
around disparate data sources to access them in a standard mannar.

>Currently our implementation works as a backend (we originally designed it
>as a backend for openldap). So we have our own join & caching engine. This
>component has adapters that can talk with databases (via jdbc) and ldaps
>(via jndi) and somehow process them according to the mapping rules into a
>join/cache database. LDAP operations (search/add/modify/delete, etc.) are
>applied to this cache as well as the original data sources. This join/cache
>database can be in-memory db (such as hsql) or persistent db.

>Most of ldap servers (including ApacheDS) has a notion of backend. So, I
>would imagine our implementation would be more portable if implemented as
I think you may need to do both but time will tell. With other LDAP 
servers you never had
a choice: a backend was the only option. With ApacheDS you have an added 
degree of
freedom that may allow you to do even more.

None of these backends are compatible so you don't gain much by keeping 
it as just a backend.

>However, I'd like to see if implementing virtual directory
>component as interceptor would be the optimal way to do it. I'll learn more
>to find out. Any pointers would be appreciated.
>I see you've been involved with the RFC 3672. It's really cool to have LDAP
>view. Do you know how close it is to being ratified?
No actually I have not been involved with 3672 at all. I've been playing 
with the idea of submitting a new draft for defining views in a standard 

>-----Original Message-----
>From: Alex Karasulu [] 
>Sent: Monday, February 07, 2005 12:30 AM
>To: Apache Directory Developers List
>Subject: Re: Virtual Directory (or LDAP Proxy)
>Adison Wongkar wrote:
>>Hi everyone,
>>I just joined this mailing list. I'm Adison Wongkar from Verge 
>>Archemedia in Austin, TX. Me and a co-worker from the same company 
>>(Endi Dewata) has been working on a Virtual Directory piece of 
>>software. Currently we have developed it as a backend to OpenLDAP 
>>(writing back-java on our own). We have an interest to see if we could 
>>integrate our java code into the ApacheDS project. Perhaps as a 
>>backend to ApacheDS. I want to see if there's any interest from you 
>>all in having a virtual directory module for ApacheDS.
>Absolutely this is a very exciting niche in directory services. 
>We were considering LDAP Views (analogous to SQL views in RDBMs world) 
>for doing just this.  The view is essentially the fundamental mechanism 
>for enabling a directory as a virtual directory.  Obviously the view is 
>a hook into a complex subsystem of the directory server: the virtual 
>directory part.  The server detects a request and delegates that request 
>based on some subtree specification (see here in section 2.1 
> to this subsystem.  The 
>subsystem can do what it wants to compose and return the response.  This 
>includes any combination of the operations below and more ...
>o assemble one or more entries into a super entry
>o transform while assembling
>o remap attributes between two schemas
>o pull data from disparate (non jndi/ldap) resources to assemble the entry
>o ...
>This list really is just limited by our imagination isn't it :)?  Also 
>note that the interceptor subsystem of the server comes in very handy 
>here.  It can be used to trap a request, analyze it to see if it falls 
>into a subtree that is associated with a virtual area and delegate the 
>response to the virtual directory subsystem.  This is really cool stuff 
>- probably because its slick and not so easy to do - challenging.
>I think you'll find many people that would be interested in pursuing 
>this with you.  I'm very interested myself so count me in.  Another 
>fellow named Mark Swanson is also interested in this for his schedule 
>world application and his calendar server here:
>Also if you would like, you're welcome to work on a draft spec for 
>formalizing LDAP views.  I've started work on a draft for submission to 
>the ietf to try to standardize views within LDAP.  If we implement this 
>then virtual directories can be specified very easily.
>>Btw, I just checked out and played with the ApacheDS. Great work! Just 
>>by looking at the website, I got the impression that the project has 
>>just started. But when I played and looked at the code, I am quite 
>That's really nice to hear.  We've been doing this for the past 30 or so 
>months. However we've only been in the Apache Incubator for 16 months. 

View raw message