From users-return-3698-apmail-directory-users-archive=directory.apache.org@directory.apache.org Thu Jan 13 22:24:44 2011 Return-Path: Delivered-To: apmail-directory-users-archive@www.apache.org Received: (qmail 74183 invoked from network); 13 Jan 2011 22:24:44 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 13 Jan 2011 22:24:44 -0000 Received: (qmail 7425 invoked by uid 500); 13 Jan 2011 22:24:44 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 7323 invoked by uid 500); 13 Jan 2011 22:24:43 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 7315 invoked by uid 99); 13 Jan 2011 22:24:43 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Jan 2011 22:24:43 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=10.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RFC_ABUSE_POST,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of akarasulu@gmail.com designates 209.85.216.178 as permitted sender) Received: from [209.85.216.178] (HELO mail-qy0-f178.google.com) (209.85.216.178) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Jan 2011 22:24:39 +0000 Received: by qyk33 with SMTP id 33so2269128qyk.16 for ; Thu, 13 Jan 2011 14:24:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; bh=Y8+AsbMf/1NJk3nDeRUcohlQVyLgPJDZux4jUIx++bU=; b=hsv31026yqYskGW1s976QNWKB8qyarWmBI38IhbT8uHwvt+EwWbJXTp5x4zRXkKAIr Np6iTJT3K43pBMC0NB8NnO4q/wpNY7mUcXUACy6NeWNMqriODUhuKDVjHrdiKFUsihcR bxyfCOihuiD0R/C1VsIgcN0guSTcAiNuoXxmo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; b=YxUgt3prrQu7BxswBtzu7MlAKi9hrmxhe+KfjD3G906r89ckUj+NJ/ahXU04brdaxy 2wc4QzWCEdriQHFDv48dHwjwyfKaOYlS3Z+qB4CMgiCmJ/yUPas7cJXxxYGO9vMtYzJy HyJlZmXuXLA+FAlz12NMxBKuIO/92rfZsCj5M= MIME-Version: 1.0 Received: by 10.229.232.5 with SMTP id js5mr5228qcb.124.1294957457772; Thu, 13 Jan 2011 14:24:17 -0800 (PST) Sender: akarasulu@gmail.com Received: by 10.229.63.23 with HTTP; Thu, 13 Jan 2011 14:24:17 -0800 (PST) In-Reply-To: References: Date: Fri, 14 Jan 2011 00:24:17 +0200 X-Google-Sender-Auth: f-G0cLnTPFx9fnZ-r2-XpVSAj98 Message-ID: Subject: Re: ApacheDS and other backends From: Alex Karasulu To: users@directory.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi Paul, On Thu, Jan 13, 2011 at 11:34 PM, Paul Edwards wrot= e: > Hi, > > I'm hoping someone can shed light on whether I can use apacheDS as a fron= tend to other directories or possibly even a database. Yes you certainly can. It's all a matter of how much effort you want to put into it. I have a scenario where I want to put apacheDS as a front to ADLDS. (cut down active directory). I'm wanting to do authentication against ADLDS, and then do some of my own stuff. > You're in luck, Antoine just recently finished adding a new feature that enables ApacheDS to delegate authentication to Active Directory, and presumably other LDAP servers. You make reference to this at the end of your email. So when you authenticate into ApacheDS, it delegates the authentication to AD. Then you can work within ApacheDS to add any kind of application specific data to it. This however does not mean that ApacheDS will show you what's inside AD when you connect to it. This is another matter all together that virtual directories do. However if you do want to present data via ApacheDS that is mastered by AD, then you can write your own customer backend (we call them partitions) to access this information and present it as if it came from ApacheDS. Likewise you can make another ApacheDS partition which accesses an RDBMS to show database information as LDAP entries. Virtual directories are designed specifically to allow you to do this without coding yourself but ApacheDS presently does not have this capability. You would have to write a custom partition to do this or use a Virtual Directory like Penrose. > I cannot see anything in the docs about using apacheds as a front to anot= her directory service. Is this possible? I do however see notes about writi= ng a new interceptor that can do pass through authentication to another lda= p service. Are people able to shed more light on this? I think I covered these questions above. > > Thanks > -- > Paul Edwards > Solutions Engineer > Identity Solutions Practice > --------------------------------------------------------- > hyro > W www.hyro.com > --=20 Alex Karasulu My Blog :: http://www.jroller.com/akarasulu/ Apache Directory Server :: http://directory.apache.org Apache MINA :: http://mina.apache.org To set up a meeting with me: http://tungle.me/AlexKarasulu