directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <>
Subject Re: LDAP diagnostic tool - GSoC 2010
Date Fri, 21 May 2010 08:19:57 GMT
On 5/21/10 9:27 AM, Stefan Seelmann wrote:
> Keheliya Gallaba schrieb:
>> Hello everyone,
>> I have come up with an architecture diagram [1], with the help of
>> Seelmann, for the LDAP diagnostic tool explaining the functionality of
>> the core. I thought of implementing the initial phase with JNDI and
>> moving to the new client API later. Please send your suggestions for
>> this approach, and about the existing code components I can reuse, from
>> Directory Studio.
>> [1]
> When I look to this picture it reminds of the Wireshark tool. I looks
> like the "LDAP Proxy Core" only listens to the communication stream. But
> my understanding, and please correct me if I'm wrong, is that the proxy
> really intercepts the communication.
> Another though regarding JNDI and the new client API: I'm not sure if
> you can work with such high-level API at all. You have to deal with
> low-level LDAP messages, maybe you have to learn ASN.1.
Well, I think that you just need the API to resend the data to the 
server. But here you have options :
- simply redirect the flow to the server without changing it
- or let the proxy connect to the remote server through the API.

Thinking more about it, and regarding the controls we don't support, it 
seems a better options not to use the API or JNDI at all.

Now, it does not seems necessary to learn anything about ASN.1, we 
already have all the needed decoders.
> An example: one use case of the tool is to just log the LDAP messages
> but leave them unmodified. In that case JNDI can't be used because you
> can't control the message it creates. However you should take a look
> into the LDAP API code and how it uses the underlying network layer
> (Apache Mina) to send LDAP requests.
Learning about MINA is definitively a must.

Emmanuel L├ęcharny

View raw message