Hi all,

Thanks very much for your descriptive feedback. I modified the architecture diagram [1] according to your suggestions. As Emmanuel pointed out, I'm hoping to get an idea from the apacheds-protocol-ldap subproject for intercepting messages coming from the client and using the Apache LDAP API to send the modified messages to the server. I think responses coming from the server need not be modified. They can just be captured for logging purposes and redirected to the client unmodified.

[1] http://code.google.com/p/dirstudio-ldap-proxy/wiki/ArchitectureDiagram

On 21 May 2010 13:49, Emmanuel Lecharny <[email protected]> wrote:

> On 5/21/10 9:27 AM, Stefan Seelmann wrote:
>
>> Keheliya Gallaba wrote:
>>
>>> Hello everyone,
>>>
>>> I have come up with an architecture diagram [1], with the help of
>>> Seelmann, for the LDAP diagnostic tool explaining the functionality of
>>> the core. I thought of implementing the initial phase with JNDI and
>>> moving to the new client API later. Please send your suggestions for
>>> this approach, and about the existing code components I can reuse, from
>>> Directory Studio.
>>>
>>> [1]
>>> http://code.google.com/p/dirstudio-ldap-proxy/wiki/ArchitectureDiagram
>>>
>> When I look at this picture it reminds me of the Wireshark tool. It looks
>> like the "LDAP Proxy Core" only listens to the communication stream. But
>> my understanding, and please correct me if I'm wrong, is that the proxy
>> really intercepts the communication.
>>
>> Another thought regarding JNDI and the new client API: I'm not sure if
>> you can work with such a high-level API at all. You have to deal with
>> low-level LDAP messages, maybe you have to learn ASN.1.
>>
> Well, I think that you just need the API to resend the data to the server.
> But here you have options:
> - simply redirect the flow to the server without changing it
> - or let the proxy connect to the remote server through the API.
>
> Thinking more about it, and regarding the controls we don't support, it
> seems a better option not to use the API or JNDI at all.
>
> Now, it does not seem necessary to learn anything about ASN.1, we already
> have all the needed decoders.
>
>> An example: one use case of the tool is to just log the LDAP messages
>> but leave them unmodified. In that case JNDI can't be used because you
>> can't control the message it creates. However you should take a look
>> into the LDAP API code and how it uses the underlying network layer
>> (Apache Mina) to send LDAP requests.
>>
> Learning about MINA is definitely a must.
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.nextury.com

--
Keheliya Gallaba
http://galpotha.wordpress.com
http://twitter.com/keheliya
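
The log-only use case discussed in the thread above (record each LDAP message, forward the bytes unmodified), as an added example that is not from the original messages or from Apache Directory code: it frames LDAPMessage PDUs on a byte stream by their BER header and extracts the messageID and operation for logging. The function names, the size cap and the sample bytes are assumptions constructed for illustration.

```python
# Added example: frame LDAPMessage PDUs (RFC 4511); names and sample bytes are constructed.
OPS = {0: "BindRequest", 1: "BindResponse", 2: "UnbindRequest", 3: "SearchRequest",
       4: "SearchResultEntry", 5: "SearchResultDone", 6: "ModifyRequest",
       7: "ModifyResponse", 8: "AddRequest", 9: "AddResponse", 10: "DelRequest",
       11: "DelResponse", 12: "ModifyDNRequest", 13: "ModifyDNResponse",
       14: "CompareRequest", 15: "CompareResponse", 16: "AbandonRequest",
       19: "SearchResultReference", 23: "ExtendedRequest", 24: "ExtendedResponse"}
MAX_PDU = 1 << 20  # assumed cap so a hostile length field cannot exhaust memory

def ber_length(buf, pos):
    """Return (length, offset_after_length), or None if bytes are missing."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first < 0x80:                       # short form
        return first, pos + 1
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4:                    # indefinite form is not allowed in LDAP
        raise ValueError("unsupported BER length")
    if pos + 1 + n > len(buf):
        return None
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def split_messages(buf):
    """Return ([(message_id, op_name, raw_pdu)], leftover) for a stream buffer."""
    msgs, pos = [], 0
    while pos < len(buf):
        if buf[pos] != 0x30:               # LDAPMessage is a SEQUENCE
            raise ValueError("not an LDAPMessage")
        hdr = ber_length(buf, pos + 1)
        if hdr is None:
            break                          # header incomplete, wait for more
        length, body = hdr
        if length > MAX_PDU:
            raise ValueError("PDU too large")
        end = body + length
        if end > len(buf):
            break                          # body incomplete, wait for more
        id_hdr = ber_length(buf[:end], body + 1)   # messageID is an INTEGER (0x02)
        if body >= end or buf[body] != 0x02 or id_hdr is None or id_hdr[0] + id_hdr[1] >= end:
            raise ValueError("malformed LDAPMessage envelope")
        op_pos = id_hdr[0] + id_hdr[1]     # protocolOp tag follows the messageID
        msg_id = int.from_bytes(buf[id_hdr[1]:op_pos], "big")
        app = (buf[op_pos] & 0xC0) == 0x40 # protocolOp uses APPLICATION-class tags
        op = OPS.get(buf[op_pos] & 0x1F, "unknown") if app else "unknown"
        msgs.append((msg_id, op, bytes(buf[pos:end])))  # raw bytes stay untouched
        pos = end
    return msgs, bytes(buf[pos:])

BIND = bytes.fromhex("300c020101600702010304008000")   # constructed anonymous bind
UNBIND = bytes.fromhex("30050201024200")               # constructed unbind
```

A proxy loop would append each received chunk to the leftover, log the returned tuples, and write `raw_pdu` to the other side unchanged.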
