Proposal is good. I believe you are trying to use ApacheDS' LDAP protocol
implementation? We only need to direct the LDAP request to the back-end
user store, JDBC/LDAP as appropriate. If it is an LDAP user store, then we
are simply doing request pass-through. But ApacheDS has its own directory
storage. We do not need that. We only need the protocol support it has.

What is your plan to achieve this?

Thanks,
KasunG


On Wed, Aug 2, 2017 at 9:39 AM, Dineth Chalitha <din...@wso2.com> wrote:

> Hi All,
>
>
> LDAP is a core protocol that is used to store user, role, and group
> information. Identity Server already supports connecting to LDAP-supported
> authz systems for authentication and authorization. The idea of this
> project is to make IS itself act as an LDAP protocol provider.
>
>
> *Problem Definition*
>
> Currently, Identity Server can communicate with LDAP as a client. It means
> Identity Server can use an LDAP server as a user store. But Identity
> Server does not expose an LDAP protocol endpoint by itself such that
> external clients can connect to IS directly. Also, Identity Server works
> with different types of databases. The client's LDAP request is not supported
> to communicate with those different types of databases.
>
> *Proposed solution*
>
> The architecture is designed to convert that LDAPMessage to a common medium
> and then IS can use that data to communicate with any type of database.
>
> The general model adopted by this protocol is one of clients performing
> protocol operations against servers. In this model, a client sends a
> protocol request describing the operation to be performed to a server. The
> server is then responsible for performing the necessary operation(s) in the
> Directory. Protocol operations are exchanged at the LDAP message layer. For
> the purposes of protocol exchanges, all protocol operations are
> encapsulated in a common envelope, the LDAPMessage.
>
> What we propose to do is capture the LDAPMessage at the LDAP endpoint, identify
> the message elements and map them into Java objects. IS can use these objects
> to do operations with JDBC, MySQL, LDAP or any other type of database.
>
> Steps.
>
>    - The client invokes the LDAP operation or process from Identity Server.
>    - Identity Server provides an LDAP endpoint, which is exposed to the client.
>    - The client sends the operation or process as an LDAPMessage to the LDAP
>      endpoint.
>    - The LDAP endpoint captures the message.
>    - The message type and elements are extracted from the captured message.
>    - The message elements are then mapped into Java objects and passed to the
>      IS user store manager.
>    - The user store manager uses those Java objects to do the operation with
>      the data sources.
>
> Feedback on the improvement for the design is much appreciated.
>
> Thank you,
> Best Regards.
>
> --
>
> *Dineth Chalitha*
>
> *Software engineer intern *
> *WSO2, Inc.: http://wso2.com*
>
> *lean.enterprise.middleware*
>
> *Mobile :- +94 71 7463047*
>
>    - *Linkedin :-
>    https://www.linkedin.com/in/dineth-chalitha-basnayake-a79032ba/*
>
>


-- 

*Kasun Gajasinghe*, Associate Technical Lead, WSO2 Inc.
email: kasung AT spamfree wso2.com
linked-in: http://lk.linkedin.com/in/gajasinghe
blog: http://kasunbg.org
phone: +1 650-745-4499, 77 678 0813
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
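The capture, decode, map, dispatch and reply flow that the steps above describe, as an added example that is not part of the thread and not WSO2 IS or ApacheDS code. It is written in Python rather than the project's Java because the point is the LDAPMessage framing (RFC 4511), not the IS API, and it has no directory storage of its own: the protocol layer just hands the bind to a pluggable store, which is the split Kasun asks for. Everything below is assumed for the example: the BER tag constants are taken from RFC 4511, `InMemoryUserStore` stands in for the JDBC/LDAP user store manager, and the captured messages and accounts are constructed.

```python
# Minimal LDAPMessage front-end (RFC 4511 framing). Added example, not WSO2 IS or ApacheDS code:
# BER-decode a client's BindRequest, map it to an object, check it against a pluggable user store, encode the reply.
import hashlib
import hmac
import os
from collections import namedtuple

# BER tags used by the LDAP envelope (RFC 4511 section 4.1 / Appendix B)
SEQUENCE, INTEGER, OCTET_STRING, ENUMERATED = 0x30, 0x02, 0x04, 0x0A
BIND_REQUEST, BIND_RESPONSE, UNBIND_REQUEST = 0x60, 0x61, 0x42   # [APPLICATION 0], [1], [2]
SIMPLE_AUTH = 0x80                                                # [0] OCTET STRING: simple password
LDAP_SUCCESS, INVALID_CREDENTIALS, UNWILLING_TO_PERFORM = 0, 49, 53

BindRequest = namedtuple("BindRequest", "message_id version name password")   # the mapped object
UnbindRequest = namedtuple("UnbindRequest", "message_id")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the definite-length BER TLV at buf[pos:]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated LDAPMessage")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed BER value into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def encode_tlv(tag, value):
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    lb = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def decode_ldap_message(raw):
    """Unwrap LDAPMessage { messageID, protocolOp } and map the op to a namedtuple."""
    tag, body, end = read_tlv(raw)
    if tag != SEQUENCE or end != len(raw):
        raise ValueError("not exactly one LDAPMessage")
    (_, mid), (op_tag, op), *_controls = children(body)
    message_id = int.from_bytes(mid, "big", signed=True)
    if op_tag == UNBIND_REQUEST:
        return UnbindRequest(message_id)
    if op_tag == BIND_REQUEST:
        (_, ver), (_, name), (auth_tag, secret) = children(op)
        if auth_tag != SIMPLE_AUTH:        # SASL binds are out of scope here
            raise ValueError("only simple authentication is handled")
        return BindRequest(message_id, int.from_bytes(ver, "big"), name.decode(), secret)
    raise ValueError(f"unsupported protocolOp tag 0x{op_tag:02x}")

def encode_bind_request(message_id, name, password):
    """Client side: the LDAPv3 simple BindRequest the endpoint will capture."""
    op = encode_tlv(INTEGER, b"\x03") + encode_tlv(OCTET_STRING, name.encode()) + encode_tlv(SIMPLE_AUTH, password)
    return encode_tlv(SEQUENCE, encode_tlv(INTEGER, bytes([message_id])) + encode_tlv(BIND_REQUEST, op))

def encode_bind_response(message_id, result_code, diag=""):
    """Server side: BindResponse = LDAPResult { resultCode, matchedDN, diagnosticMessage }."""
    res = encode_tlv(ENUMERATED, bytes([result_code])) + encode_tlv(OCTET_STRING, b"") + encode_tlv(OCTET_STRING, diag.encode())
    return encode_tlv(SEQUENCE, encode_tlv(INTEGER, bytes([message_id])) + encode_tlv(BIND_RESPONSE, res))

def bind_result(raw_response):
    """Return (messageID, resultCode) from an encoded BindResponse."""
    (_, mid), (_, op) = children(read_tlv(raw_response)[1])[:2]
    return int.from_bytes(mid, "big"), children(op)[0][1][0]

class InMemoryUserStore:
    """Stands in for the JDBC/LDAP user store manager; holds constructed accounts as salted PBKDF2 hashes."""
    def __init__(self, credentials):
        self._users = {}
        for dn, pw in credentials.items():
            salt = os.urandom(16)
            self._users[dn] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000))

    def authenticate(self, dn, password):
        # Exact DN match only (real matching normalises per RFC 4514/4517); an unknown DN still costs
        # one PBKDF2 so that response time does not reveal which DNs exist.
        salt, digest = self._users.get(dn, (b"\0" * 16, b"\0" * 32))
        ok = hmac.compare_digest(digest, hashlib.pbkdf2_hmac("sha256", password, salt, 100_000))
        return ok and dn in self._users

def handle_request(raw, store):
    """Endpoint: capture -> decode -> dispatch to the user store -> encode the reply (None for Unbind)."""
    req = decode_ldap_message(raw)
    if isinstance(req, UnbindRequest):
        return None                        # UnbindRequest has no response; the server closes the connection
    if not req.password:
        # Anonymous and *unauthenticated* binds (DN present, empty password): RFC 4513 5.1.2 says servers SHOULD
        # refuse the latter by default. Passing an empty password through to a JDBC check would be a bypass.
        return encode_bind_response(req.message_id, UNWILLING_TO_PERFORM, "empty password refused")
    ok = store.authenticate(req.name, req.password)
    return encode_bind_response(req.message_id, LDAP_SUCCESS if ok else INVALID_CREDENTIALS)

# Constructed captures: a hand-encoded BindRequest (messageID 1, "cn=admin" / "pw") and an UnbindRequest (messageID 2).
CAPTURED_BIND = b"\x30\x16\x02\x01\x01\x60\x11\x02\x01\x03\x04\x08cn=admin\x80\x02pw"
CAPTURED_UNBIND = b"\x30\x05\x02\x01\x02\x42\x00"
STORE = InMemoryUserStore({"cn=admin": "pw", "uid=alice,ou=users,dc=example,dc=com": "s3cret"})
```

`handle_request(CAPTURED_BIND, STORE)` returns a BindResponse whose `bind_result` is `(1, 0)`; a request for the same DN with an empty password is answered with `unwillingToPerform` (53) before it ever reaches the store, which is the check an LDAP front-end over a JDBC store most needs. A real endpoint would additionally parse the optional controls element, support SASL binds and SearchRequest, and enforce size limits on untrusted BER beyond the truncation check in `read_tlv`.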
