directory-dev mailing list archives

From Keheliya Gallaba <>
Subject Re: LDAP diagnostic tool - GSoC 2010
Date Sat, 22 May 2010 20:31:53 GMT
Hi all,

Thanks very much for your descriptive feedback. I modified the architecture
diagram [1] according to your suggestions. As Emmanuel pointed out, I'm
hoping to get an idea from apacheds-protocol-ldap subproject for
intercepting messages coming from the client and using Apache LDAP API to
send the modified messages to the server. I think responses coming from the
server need not be modified. They can be just captured for logging
purposes, and redirected to the client unmodified.


On 21 May 2010 13:49, Emmanuel Lecharny <> wrote:

> On 5/21/10 9:27 AM, Stefan Seelmann wrote:
>> Keheliya Gallaba wrote:
>>> Hello everyone,
>>> I have come up with an architecture diagram [1], with the help of
>>> Seelmann, for the LDAP diagnostic tool explaining the functionality of
>>> the core. I thought of implementing the initial phase with JNDI and
>>> moving to the new client API later. Please send your suggestions for
>>> this approach, and about the existing code components I can reuse, from
>>> Directory Studio.
>>> [1]
>> When I look at this picture it reminds me of the Wireshark tool. It looks
>> like the "LDAP Proxy Core" only listens to the communication stream. But
>> my understanding, and please correct me if I'm wrong, is that the proxy
>> really intercepts the communication.
>> Another thought regarding JNDI and the new client API: I'm not sure if
>> you can work with such high-level API at all. You have to deal with
>> low-level LDAP messages, maybe you have to learn ASN.1.
> Well, I think that you just need the API to resend the data to the server.
> But here you have options:
> - simply redirect the flow to the server without changing it
> - or let the proxy connect to the remote server through the API.
> Thinking more about it, and regarding the controls we don't support, it
> seems a better option not to use the API or JNDI at all.
> Now, it does not seem necessary to learn anything about ASN.1, we already
> have all the needed decoders.
>> An example: one use case of the tool is to just log the LDAP messages
>> but leave them unmodified. In that case JNDI can't be used because you
>> can't control the message it creates. However you should take a look
>> into the LDAP API code and how it uses the underlying network layer
>> (Apache Mina) to send LDAP requests.
> Learning about MINA is definitively a must.
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny

Keheliya Gallaba
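
The "log the LDAP messages but leave them unmodified" use case discussed in this thread, as an added example that is not part of the original message and not Apache Directory code: a relay only needs BER framing to find each LDAPMessage, read its messageID and protocolOp tag for the log, and pass the original bytes on. The function names and sample bytes are constructed for illustration; the tag values are from RFC 4511.

```python
# Added example (not Apache Directory code): frame LDAPMessage PDUs for logging.
# protocolOp tags are from RFC 4511; only a subset is named here.
OPS = {0x60: "BindRequest", 0x61: "BindResponse", 0x42: "UnbindRequest",
       0x63: "SearchRequest", 0x64: "SearchResultEntry",
       0x65: "SearchResultDone", 0x66: "ModifyRequest", 0x68: "AddRequest",
       0x4A: "DelRequest", 0x77: "ExtendedRequest", 0x78: "ExtendedResponse"}

def read_length(buf, pos):
    """Decode a BER length at pos; return (length, next_pos) or None if cut off."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first < 0x80:                      # short form: the octet is the length
        return first, pos + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0:
        raise ValueError("indefinite length is not valid in LDAP")
    if pos + 1 + n > len(buf):
        return None
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def split_ldap_messages(buf):
    """Return ([(message_id, op_name, raw_pdu), ...], leftover_bytes)."""
    found, pos = [], 0
    while pos < len(buf):
        if buf[pos] != 0x30:
            raise ValueError("LDAPMessage must start with a SEQUENCE tag")
        hdr = read_length(buf, pos + 1)
        if hdr is None or hdr[1] + hdr[0] > len(buf):
            break                         # PDU continues in the next TCP read
        end = hdr[1] + hdr[0]
        pdu, off = buf[pos:end], hdr[1] - pos
        id_hdr = read_length(pdu, off + 1)
        if off >= len(pdu) or pdu[off] != 0x02 or id_hdr is None:
            raise ValueError("missing messageID INTEGER")
        id_end = id_hdr[1] + id_hdr[0]
        if id_end >= len(pdu):
            raise ValueError("missing protocolOp")
        msg_id = int.from_bytes(pdu[id_hdr[1]:id_end], "big")
        op = OPS.get(pdu[id_end], "tag 0x%02x" % pdu[id_end])
        found.append((msg_id, op, pdu))   # pdu is forwarded byte-for-byte
        pos = end
    return found, buf[pos:]

# Constructed sample: anonymous simple bind (id 1), then unbind (id 2).
BIND = bytes.fromhex("300c020101600702010304008000")
UNBIND = bytes.fromhex("30050201024200")
```

The leftover bytes returned by `split_ldap_messages` are prepended to the next read, so a PDU split across TCP segments is logged once it is complete.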
