I know about Penrose but I would preferably use ApacheDS since Penrose does more than I actually need.

With a proxy, the information about the user won't be in the ApacheDS base but part of the proxied LDAP server. From what I've understood I thus need to provide my own Authenticator. That authenticator should just authenticate the user against the proxied LDAP. To do that I need to know which ContextPartition that user (DN) belongs to. Is it possible to get that information from within the authenticator? Like given a DN, is it possible to get the ContextPartition it belongs to?

Another way, is it possible to associate an authenticator with one or more partitions?

Regards,
Jérôme

On 8/16/05, Marc Boorshtein <[EMAIL PROTECTED]> wrote:
> Ah, yes. You are 100% correct in your assumptions then. BTW, there
> is already a virtual directory (based on apacheds) called Penrose.
> I've not tried it but I think it has a mapping capability in addition
> to proxy support.
>
> Marc
>
>
> On 8/16/05, Jérôme Baumgarten <[EMAIL PROTECTED]> wrote:
> > I understand that to do simple proxying all I need to do is to
> > implement my own ContextPartition. But this is only the first step of
> > what I plan to do.
> >
> > The second step (as explained in my first post) is to be able to
> > change, if necessary, incoming requests (like the filter), change the
> > outgoing results, and maybe send the proxied LDAP server some LDAP
> > requests to enrich the results ApacheDS should send back to the
> > client. To my understanding, this could be done as an interceptor,
> > thus leaving my ContextPartition just doing proxying and nothing else.
> > Am I correct? My intent is to have a ContextPartition that only does
> > proxying, nothing else, making it a reusable component for myself and
> > anyone else interested. I believe that what needs to be done to
> > realize my step 2 should definitely not be in the ContextPartition.
> >
> > On 8/16/05, Marc Boorshtein <[EMAIL PROTECTED]> wrote:
> > > I think you are confusing interceptors and contexts. An interceptor is
> > > something that sits between the protocol stack and the context (just
> > > as a servlet filter sits between the container and the servlet/jsp).
> > > You want to look at implementing a custom partition, which is covered
> > > in the wikis.
> > >
> > > You are correct in your assertion that you do not need to worry about
> > > schema (for the most part) when proxying a remote directory.
> > >
> > > Marc
> > >
> > > On 8/16/05, Jérôme Baumgarten <[EMAIL PROTECTED]> wrote:
> > > > On 8/12/05, Trustin Lee <[EMAIL PROTECTED]> wrote:
> > > > > Hello,
> > > > >
> > > > > 2005/8/11, Jérôme Baumgarten <[EMAIL PROTECTED]>:
> > > > > > In this PowerPoint presentation
> > > > > > (http://www.google.com/url?sa=t&ct=res&cd=1&url=https%3A//karasulu.homeip.net/svn/akarasulu/apachecon/eve-presentation/eve-intro-long.ppt&ei=DTb7QuLIE8emQeOnwNMB),
> > > > > > I've read that it is possible to use Eve as a proxy to an existing
> > > > > > LDAP server.
> > > > >
> > > > > Yes, you can. There is an interface called 'ContextPartition' that
> > > > > you can implement. You could implement it to work as a proxy to other
> > > > > LDAP server.
> > > > >
> > > > > > The second step is a bit more complicated but it seems that with some
> > > > > > coding that should be possible. To make that off-the-shelf application
> > > > > > work my own LDAP using custom model and schema, I would need to be
> > > > > > able to "catch" incoming requests and under some conditions
> > > > > > re-evaluate search to return the correct results. According to that
> > > > > > same presentation, I believe that I should go for the Interceptor. Is
> > > > > > there any information available out there to help me deal with it?
> > > > >
> > > > > You can generate ApacheDS schema classes from LDAP schema file using a
> > > > > Maven plugin we've created. And of course you can configure ApacheDS to
> > > > > load them when it starts up.
> > > >
> > > > Thanks, but is this mandatory? In the first step, all I want it to do
> > > > is to proxy (relay) incoming LDAP requests to another LDAP server. To
> > > > what extent does ApacheDS need to know the schema to just relay the
> > > > requests?
> > > >
> > > > Also, is there any publicly available documentation on the
> > > > interceptors? It looks like that is the way to go to fulfill my
> > > > second step.
> > > >
> > > > > Trustin--
> > > > > what we call human nature is actually human habit
> > > > > --
> > > > > http://gleamynode.net/
> > > >
> > > > Regards,
> > > > Jérôme
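
Added example, not part of the original thread and not ApacheDS code: one way to decide which partition a bind DN falls under is a longest-suffix match on parsed DNs rather than on raw strings, so that case differences and escaped commas cannot send an authentication request to the wrong backend. `PartitionRouter`, its methods and the partition ids are hypothetical; `javax.naming.ldap.LdapName` is the standard JDK class.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Hypothetical helper for illustration; not an ApacheDS class.
public class PartitionRouter {
    // Partition suffix (parsed DN) -> partition id (constructed values).
    private final Map<LdapName, String> suffixes = new LinkedHashMap<>();

    public void register(String suffixDn, String partitionId) throws InvalidNameException {
        suffixes.put(new LdapName(suffixDn), partitionId);
    }

    /** Returns the id of the partition with the longest suffix containing dn, or null. */
    public String partitionFor(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn); // throws on a malformed DN: reject the bind
        String best = null;
        int bestSize = -1;
        for (Map.Entry<LdapName, String> e : suffixes.entrySet()) {
            LdapName suffix = e.getKey();
            // LdapName numbers RDNs from the right, so startsWith() tests the
            // DN suffix, comparing RDN by RDN and ignoring case.
            if (name.startsWith(suffix) && suffix.size() > bestSize) {
                best = e.getValue();
                bestSize = suffix.size();
            }
        }
        return best;
    }

    public static void main(String[] args) throws InvalidNameException {
        PartitionRouter r = new PartitionRouter();
        r.register("dc=example,dc=com", "local");
        r.register("ou=people,dc=example,dc=com", "proxy");
        // Entry under the more specific suffix, written with different case.
        System.out.println(r.partitionFor("uid=jb,OU=People,dc=example,dc=com"));
        // Entry under the broader suffix only.
        System.out.println(r.partitionFor("cn=admin,dc=example,dc=com"));
        // Escaped comma: "x,dc=example" is a single RDN value directly under dc=com,
        // although the raw string ends with a registered suffix.
        System.out.println(r.partitionFor("uid=x\\,dc=example,dc=com"));
    }
}
```

A custom authenticator could use such a lookup to pick the backend to bind against, and should treat a `null` result or a parse failure as an authentication failure.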
