directory-dev mailing list archives

From Marc Boorshtein <mboorsht...@gmail.com>
Subject Re: Using Eve as a proxy to an existing LDAP server - Interceptor HOW-TO
Date Tue, 16 Aug 2005 15:33:50 GMT
Well, another way to look at it is whether or not you want to do "pass
through" operations.  For instance if I could bind as
"cn=user,dc=domain,dc=com"  but it might not matter how I perform
operations.  If this is the case you don't need to worry about tying
them together.  Otherwise I don't think there's an easy tie back from
the authenticator, or at least there wasn't the last time I tried to
build a proxy (apacheds .9).  You may be able to use a Singleton.

Marc

On 8/16/05, Jérôme Baumgarten <jbaumgarten@gmail.com> wrote:
> I know about Penrose but I would preferably use ApacheDS since Penrose
> does more than I actually need.
> 
> With a proxy, the information about the user won't be in the ApacheDS
> base but part of the proxied LDAP server. From what I've understood I
> thus need to provide my own Authenticator. That authenticator should
> just authenticate the user against the proxied LDAP. To do that I need
> to know to which ContextPartition that user (DN) belongs to. Is it
> possible to get that information from within the authenticator? Like
> given a DN, is it possible to get the ContextPartition it belongs to?
> Another way, is it possible to associate an authenticator with one or
> more partitions?
> 
> Regards,
> Jérôme
> 
> On 8/16/05, Marc Boorshtein <mboorshtein@gmail.com> wrote:
> > Ah, yes.  You are 100% correct in your assumptions then.  BTW, there
> > is already a virtual directory (based on apacheds) called Penrose.
> > I've not tried it but I think it has a mapping capability in addition
> > to proxy support.
> >
> > Marc
> >
> >
> > On 8/16/05, Jérôme Baumgarten <jbaumgarten@gmail.com> wrote:
> > > I understand that to do simple proxying all I need to do is to
> > > implement my own ContextPartition. But this is only the first step of
> > > what I plan to do.
> > >
> > > The second step (as explained in my first post) is to be able to
> > > > change, if necessary, incoming requests (like the filter), change the
> > > > outgoing results, and maybe send the proxied LDAP server some LDAP
> > > > requests to enrich the results ApacheDS should send back to the
> > > > client. To my understanding, this could be done as an interceptor,
> > > > thus leaving my ContextPartition just doing proxying and nothing else.
> > > > Am I correct? My intent is to have a ContextPartition that only does
> > > proxying, nothing else, making it a reusable component for myself and
> > > anyone else interested. I believe that what needs to be done to
> > > realize my step 2 should definitely not be in the ContextPartition.
> > >
> > > On 8/16/05, Marc Boorshtein <mboorshtein@gmail.com> wrote:
> > > > > I think you are confusing interceptors and contexts.  An interceptor is
> > > > something that sits between the protocol stack and the context (just
> > > > as a servlet filter sits between the container and the servlet/jsp).
> > > > You want to look at implementing a custom partition, which is covered
> > > > in the wikis.
> > > >
> > > > You are correct in your assertion that you do not need to worry about
> > > > schema (for the most part) when proxying a remote directory.
> > > >
> > > > Marc
> > > >
> > > > On 8/16/05, Jérôme Baumgarten <jbaumgarten@gmail.com> wrote:
> > > > > On 8/12/05, Trustin Lee <trustin@gmail.com> wrote:
> > > > > > Hello,
> > > > > >
> > > > > > 2005/8/11, Jérôme Baumgarten <jbaumgarten@gmail.com>:
> > > > > > > > In this PowerPoint presentation
> > > > > > > > (http://www.google.com/url?sa=t&ct=res&cd=1&url=https%3A//karasulu.homeip.net/svn/akarasulu/apachecon/eve-presentation/eve-intro-long.ppt&ei=DTb7QuLIE8emQeOnwNMB),
> > > > > > > > I've read that it is possible to use Eve as a proxy to an existing
> > > > > > > > LDAP server.
> > > > > >
> > > > > > >  Yes, you can.  There is an interface called 'ContextPartition' that you can
> > > > > > > implement.  You could implement it to work as a proxy to other LDAP server.
> > > > > >
> > > > > >
> > > > > > > > The second step is a bit more complicated but it seems that with some
> > > > > > > > coding that should be possible. To make that off-the-shelf application
> > > > > > > > work my own LDAP using custom model and schema, I would need to be
> > > > > > > > able to "catch" incoming requests and under some conditions
> > > > > > > > re-evaluate search to return the correct results. According to that
> > > > > > > > same presentation, I believe that I should go for the Interceptor. Is
> > > > > > > > there any information available out there to help me deal with it?
> > > > > >
> > > > > > >  You can generate ApacheDS schema classes from LDAP schema file using a
> > > > > > > Maven plugin we've created.  And of course you can configure ApacheDS to
> > > > > > > load them when it starts up.
> > > > >
> > > > > > Thanks. But is this mandatory? In the first step, all I want it to do
> > > > > > is to proxy (relay) incoming LDAP requests to another LDAP server. To
> > > > > > what extent ApacheDS needs to know the schema to just relay the
> > > > > > requests?
> > > > > >
> > > > > > Also, is there any publicly available documentation on the
> > > > > > interceptors? It looks like that is the way to go to fulfill my
> > > > > > second step.
> > > > >
> > > > > >  Trustin--
> > > > > > what we call human nature is actually human habit
> > > > > > --
> > > > > > http://gleamynode.net/
> > > > >
> > > > > Regards,
> > > > > Jérôme
> > > > >
> > > >
> > >
> >
>
