directory-dev mailing list archives

From marc & lan <marc...@free.fr>
Subject [apacheDS][MINA] proxying HOW-TO ?
Date Sun, 29 Jan 2006 15:01:10 GMT
Hi everybody
Let me introduce myself: I have been working with LDAP directories for 3 years
now, and with Java for the same time.

I'm very interested in apacheDS and in particular the proxy aspect.

---------------------------
Ze concern
---------------------------

Let me explain:
I want to transform a multi-application common LDAP directory server 
with group application properties into a user application attribute 
directory.

Right now my directory is a big fat one (90.000 people) with several 
applications using it to do auth. and identification.

Applications also use it to get some business information. The only way 
for applications to store and retrieve such information is using 
groupOfUniquemebers in a dedicated namespace (ou=<application>, ou=groups, 
dc=...).

It works very well, but all client applications are not done very well :)
They make such a mess that I have to clean up their groups sometimes.


In my book, I would use a common attribute, say 'myBusinessAttribute' 
for them to store business information.

Each application could set some prefixed values into 
'myBusinessAttribute', such as:

myBusinessAttribute: appliA@manager BU123
myBusinessAttribute: appliA@manager BU125
myBusinessAttribute: appliB@reader newspapers/Le Monde/Liberation/
myBusinessAttribute: rss@http://www.springframework.org/rss.xml

Very nice, but... the LDAP security model is not so fine-grained, and as 
I don't trust application designers, I don't trust them to write without 
control.

------------------------------------
When Ze apacheDS come in Ze story
------------------------------------

This is where apacheDS comes in!!

I would use apacheDS to do transparent proxying to my current big fat 
directory and to check, on each modificationRequest, that the attribute values are the right ones.



     |------- read 389 ---------------->|-----------|
  --------              ---------       |           |
| client | -- write -->| PROXY |------>| Directory |
  --------     port 391 |  391  | 389   |  389      |
                        --------        -------------

I have read that Jêrome Baumgarten has tried to do such a thing (@see 
Using Eve as a proxy to an existing LDAP server - Interceptor HOW-TO)

I'm trying to do so using a custom Session Registry with a custom 
LdapProtocolProvider and registering it in a MINA registry, but there are 
some tied dependencies I fail to remove.

So my question is: how to do a filtering proxy?

Thanks

Marc DeXeT
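
An added example, not part of the original message and not ApacheDS or MINA code: a sketch of the write control the post asks for, as a filtering proxy could apply it to each modify request before forwarding it. The bind DNs, the `OWNERS` mapping and the name `check_modify` are assumptions; the check also refuses replace and value-less delete, because in LDAP both act on the whole value set of the shared attribute.

```python
from enum import Enum

ATTR = "mybusinessattribute"  # attribute name from the post, lower-cased

class Op(Enum):
    ADD = "add"
    DELETE = "delete"
    REPLACE = "replace"

# Assumed mapping: bind DN of each application -> the value prefix it owns.
OWNERS = {
    "cn=applia,ou=services,dc=example,dc=com": "appliA",
    "cn=applib,ou=services,dc=example,dc=com": "appliB",
}

def check_modify(bind_dn, changes):
    """Decide whether a modify request may be forwarded to the directory.

    changes is a list of (Op, attribute name, list of values).
    Returns (allowed, reason).
    """
    # Simplified DN comparison; a real proxy would normalize DNs properly.
    prefix = OWNERS.get(bind_dn.strip().lower())
    if prefix is None:
        return False, "writer is not a registered application"
    for op, attr, values in changes:
        if attr.lower() != ATTR:
            return False, f"{attr} is not writable through the proxy"
        if op is Op.REPLACE:
            # Replace swaps the whole value set, including other apps' values.
            return False, "replace would overwrite other applications' values"
        if not values:
            # A delete without values removes the attribute entirely.
            return False, "no values listed: the whole attribute would be affected"
        for value in values:
            owner, sep, _ = value.partition("@")  # prefix ends at the first '@'
            if not sep or owner != prefix:
                return False, f"{value!r} is outside the {prefix}@ namespace"
    return True, "ok"

if __name__ == "__main__":
    a = "cn=appliA,ou=services,dc=example,dc=com"
    print(check_modify(a, [(Op.ADD, "myBusinessAttribute", ["appliA@manager BU123"])]))
    print(check_modify(a, [(Op.ADD, "myBusinessAttribute", ["appliB@reader x"])]))
    print(check_modify(a, [(Op.DELETE, "myBusinessAttribute", [])]))
```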
