directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject Re: ApacheDS and other backends
Date Thu, 13 Jan 2011 22:24:17 GMT
Hi Paul,

On Thu, Jan 13, 2011 at 11:34 PM, Paul Edwards <> wrote:
> Hi,
> I'm hoping someone can shed light on whether I can use apacheDS as a frontend to other
directories or possibly even a database.

Yes you certainly can. It's all a matter of how much effort you want
to put into it.

I have a scenario where I want to put apacheDS as a front to ADLDS.
(cut down active directory). I'm wanting to do authentication against
ADLDS, and then do some of my own stuff.

You're in luck, Antoine just recently finished adding a new feature
that enables ApacheDS to delegate authentication to Active Directory,
and presumably other LDAP servers. You make reference to this at the
end of your email.

So when you authenticate into ApacheDS, it delegates the
authentication to AD. Then you can work within ApacheDS to add any
kind of application specific data to it.

This however does not mean that ApacheDS will show you what's inside
AD when you connect to it. This is another matter all together that
virtual directories do. However if you do want to present data via
ApacheDS that is mastered by AD, then you can write your own customer
backend (we call them partitions) to access this information and
present it as if it came from ApacheDS.

Likewise you can make another ApacheDS partition which accesses an
RDBMS to show database information as LDAP entries. Virtual
directories are designed specifically to allow you to do this without
coding yourself but ApacheDS presently does not have this capability.
You would have to write a custom partition to do this or use a Virtual
Directory like Penrose.

> I cannot see anything in the docs about using apacheds as a front to another directory
service. Is this possible? I do however see notes about writing a new interceptor that can
do pass through authentication to another ldap service. Are people able to shed more light
on this?

I think I covered these questions above.

> Thanks
> --
> Paul Edwards
> Solutions Engineer
> Identity Solutions Practice
> ---------------------------------------------------------
> hyro
> W

Alex Karasulu
My Blog ::
Apache Directory Server ::
Apache MINA ::
To set up a meeting with me:

View raw message