directory-dev mailing list archives

From Jérôme Baumgarten <jbaumgar...@gmail.com>
Subject Re: Using Eve as a proxy to an existing LDAP server - Interceptor HOW-TO
Date Tue, 16 Aug 2005 15:08:03 GMT
I know about Penrose but I would preferably use ApacheDS since Penrose
does more than I actually need.

With a proxy, the information about the user won't be in the ApacheDS
base but part of the proxied LDAP server. From what I've understood I
thus need to provide my own Authenticator. That authenticator should
just authenticate the user against the proxied LDAP. To do that I need
to know to which ContextPartition that user (DN) belongs. Is it
possible to get that information from within the authenticator? Like
given a DN, is it possible to get the ContextPartition it belongs to?
Another way, is it possible to associate an authenticator with one or
more partitions?

Regards,
Jérôme

On 8/16/05, Marc Boorshtein <mboorshtein@gmail.com> wrote:
> Ah, yes.  You are 100% correct in your assumptions then.  BTW, there
> is already a virtual directory (based on ApacheDS) called Penrose.
> I've not tried it but I think it has a mapping capability in addition
> to proxy support.
> 
> Marc
> 
> 
> On 8/16/05, Jérôme Baumgarten <jbaumgarten@gmail.com> wrote:
> > I understand that to do simple proxying all I need to do is to
> > implement my own ContextPartition. But this is only the first step of
> > what I plan to do.
> >
> > The second step (as explained in my first post) is to be able to
> > change, if necessary, incoming requests (like the filter), change the
> > outgoing results, and maybe send the proxied LDAP server some LDAP
> > requests to enrich the results ApacheDS should send back to the
> > client. To my understanding, this could be done as an interceptor,
> > thus leaving my ContextPartition just doing proxying and nothing else.
> > Am I correct? My intent is to have a ContextPartition that only does
> > proxying, nothing else, making it a reusable component for myself and
> > anyone else interested. I believe that what needs to be done to
> > realize my step 2 should definitely not be in the ContextPartition.
> >
> > On 8/16/05, Marc Boorshtein <mboorshtein@gmail.com> wrote:
> > > I think you are confusing interceptors and contexts.  An interceptor is
> > > something that sits between the protocol stack and the context (just
> > > as a servlet filter sits between the container and the servlet/jsp).
> > > You want to look at implementing a custom partition, which is covered
> > > in the wikis.
> > >
> > > You are correct in your assertion that you do not need to worry about
> > > schema (for the most part) when proxying a remote directory.
> > >
> > > Marc
> > >
> > > On 8/16/05, Jérôme Baumgarten <jbaumgarten@gmail.com> wrote:
> > > > On 8/12/05, Trustin Lee <trustin@gmail.com> wrote:
> > > > > Hello,
> > > > >
> > > > > 2005/8/11, Jérôme Baumgarten <jbaumgarten@gmail.com>:
> > > > > > In this PowerPoint presentation
> > > > > > (
> > > > > http://www.google.com/url?sa=t&ct=res&cd=1&url=https%3A//karasulu.homeip.net/svn/akarasulu/apachecon/eve-presentation/eve-intro-long.ppt&ei=DTb7QuLIE8emQeOnwNMB),
> > > > > > I've read that it is possible to use Eve as a proxy to an existing
> > > > > > LDAP server.
> > > > >
> > > > > >  Yes, you can.  There is an interface called 'ContextPartition' that
> > > > > > you can implement.  You could implement it to work as a proxy to
> > > > > > another LDAP server.
> > > > > >
> > > > > >
> > > > > > > The second step is a bit more complicated but it seems that with some
> > > > > > > coding that should be possible. To make that off-the-shelf application
> > > > > > > work my own LDAP using custom model and schema, I would need to be
> > > > > > > able to "catch" incoming requests and under some conditions
> > > > > > > re-evaluate search to return the correct results. According to that
> > > > > > > same presentation, I believe that I should go for the Interceptor. Is
> > > > > > > there any information available out there to help me deal with it?
> > > > > >
> > > > > >  You can generate ApacheDS schema classes from LDAP schema file using a
> > > > > > Maven plugin we've created.  And of course you can configure ApacheDS to
> > > > > > load them when it starts up.
> > > >
> > > > Thanks, but is this mandatory? In the first step, all I want it to do
> > > > is to proxy (relay) incoming LDAP requests to another LDAP server. To
> > > > what extent ApacheDS needs to know the schema to just relay the
> > > > requests?
> > > >
> > > > Also, is there any publicly available documentation on the
> > > > interceptors? It looks like that is the way to go to fulfill my
> > > > second step.
> > > >
> > > > >  Trustin--
> > > > > what we call human nature is actually human habit
> > > > > --
> > > > > http://gleamynode.net/
> > > >
> > > > Regards,
> > > > Jérôme
> > > >
> > >
> >
>
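
The DN-to-backend lookup and delegated bind discussed in this thread, as an added example that is not part of the original messages and is not ApacheDS code. It uses only the JDK's `javax.naming` classes, not the ContextPartition or Authenticator interfaces; the class name `DnRouter`, the suffixes and the server URLs are constructed for illustration.

```java
import javax.naming.*;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.LdapName;
import java.util.*;

public class DnRouter {
    // Constructed mapping: partition suffix -> URL of the proxied LDAP server.
    private final Map<LdapName, String> backends = new HashMap<>();

    public void addBackend(String suffix, String url) throws InvalidNameException {
        backends.put(new LdapName(suffix), url);
    }
    /** URL of the backend with the longest suffix that contains dn, or null. */
    public String backendFor(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        LdapName best = null;
        for (LdapName suffix : backends.keySet()) {
            // LdapName numbers RDNs right to left, so startsWith() tests the DN
            // suffix; RDN comparison is case-insensitive.
            if (name.startsWith(suffix) && (best == null || suffix.size() > best.size())) {
                best = suffix;
            }
        }
        return best == null ? null : backends.get(best);
    }
    /** Simple bind as dn against the owning backend; fails closed. */
    public boolean authenticate(String dn, String password) throws InvalidNameException {
        String url = backendFor(dn);
        // An empty password makes a simple bind "unauthenticated" (RFC 4513,
        // section 5.1.2) and many servers report success for it: reject it here.
        if (url == null || password == null || password.isEmpty()) return false;
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return true;
        } catch (NamingException e) {
            return false; // bad credentials or unreachable backend
        }
    }
    public static void main(String[] args) throws Exception {
        DnRouter r = new DnRouter();
        r.addBackend("dc=example,dc=com", "ldaps://ldap1.example.com:636");
        r.addBackend("ou=partners,dc=example,dc=com", "ldaps://ldap2.example.com:636");
        System.out.println(r.backendFor("uid=jdoe,ou=Partners,DC=example,dc=com"));
        System.out.println(r.authenticate("uid=jdoe,dc=example,dc=com", ""));
    }
}
```

The `main` method only exercises the routing and the empty-password rejection, so it runs without contacting any server.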
