directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Trustin Lee <>
Subject Re: [jira] Commented: (DIREVE-265) delegating binds to custom partitions
Date Thu, 22 Sep 2005 04:21:28 GMT
So all LDAP operations are required to Interceptors and ContextPartitions to
make ApacheDS fully function as an LDAP proxy server, right? WDYT, other
guys? It looks like a good reason.


2005/9/22, Norbet Reilly <>:
> Hi Trustin,
>  My interest in creating the patch is a custom partition that proxies to
> an external LDAP server. Hence I want to use the proxied server's
> authentication if the DN presented to the bind() matches the proxy
> partition's suffix and otherwise authenticate against ApacheDS's user store.
>  Note that the custom proxy partition additionally has some credentials
> stored locally, which it uses to discover the remote LDAP schema and add
> matching entries to the GlobalRegistries at server start-up time. Hence the
> intention behind the patch is to allow access to the remote proxy partition
> without having to duplicate all of its users inside ApacheDS.
>  Having said that, the only reason that I touched the interceptor code was
> by necessity as ContextPartition was impacted by the addition of the bind()
> method (and wanted to dispatch to it using the ContextPartitionNexus). I'm
> not that familiar with the code yet, so please let me know if I changed more
> then I needed to.
>  As I've mentioned to Alex in a previous posting; I'd imagine that
> ultimately the core server might delegate a number of services to custom
> partitions (authentication, schema (rather then a single top-level static
> schema have one under each partition that has its own) etc). Hence although
> I know this patch is only a small isolated step in that direction, it may be
> useful to anyone else implementing a proxying custom partition.
>  Thanks

what we call human nature is actually human habit

View raw message