On 2/14/2013 8:06 AM, Simo Sorce wrote:
On Thu, 2013-02-14 at 14:26 +0100, Petr Spacek wrote:

In my Fedora 17 I found the package python-ldaptor. It seems to offer nice support
for writing your own event-based LDAP servers. For a simple LDAP proxy it could be
enough.

$ yum install python-ldaptor
$ python
import ldaptor.protocols.ldap.ldapserver
help(ldaptor.protocols.ldap.ldapserver)

No.
LDAP proxies are *not* simple.

Ask Endi, he's worked on a meta-directory for years.

Simo.

It depends on what you want to do with the proxy. If it's only a thin layer which converts the LDAP ADD to IPA user-add, it might not be that complicated.

Penrose virtual directory consists of a frontend LDAP interface, a transformation engine, and backends which may include an LDAP server as well. The front-end LDAP interface is the proxy we're talking about here; it's only used to receive LDAP requests and pass them to the transformation engine.

The transformation engine is where the complexity occurs. In IPA this is already handled by the framework. In Penrose it's quite complex because it aims to provide a generic way to map an LDAP request to multiple backends which involves dealing with different types of backends, joining the backends, transforming the DN & attributes back and forth, etc.

So I'd say implementing an LDAP frontend for IPA using Python is something worth exploring. That way it can run in the same process so there's no concern about JSON performance/stability.

--
Endi S. Dewata

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
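
The thin layer discussed in the thread above (an LDAP ADD converted to an IPA user-add), sketched as an added example; it is not code from the thread, from FreeIPA, or from ldaptor. The suffix, the uid pattern, the attribute allow-list and all function names are assumptions; the function only builds the call arguments and refuses anything it cannot map.

```python
import re

USER_CONTAINER = "cn=users,cn=accounts,dc=example,dc=com"  # constructed suffix
UID_RE = re.compile(r"^[a-z0-9_.][a-z0-9_.-]{0,31}$")  # assumed login policy
# LDAP attribute -> user_add option; an assumed allow-list, all else is refused
ATTR_MAP = {"givenname": "givenname", "sn": "sn", "cn": "cn", "mail": "mail"}
SINGLE_VALUED = {"givenname", "sn", "cn"}


class TranslationError(ValueError):
    """The ADD request cannot be expressed as a user_add call."""


def norm_dn(dn):
    # Case/whitespace-insensitive form; escaped DNs never match and are refused.
    return ",".join(part.strip().lower() for part in dn.split(","))


def ldap_add_to_user_add(dn, attrs):
    """Map (dn, {attr: [values]}) to (method, args, options) or raise."""
    rdn, _, parent = dn.partition(",")
    rdn_attr, _, uid = rdn.partition("=")
    uid = uid.strip()
    if rdn_attr.strip().lower() != "uid":
        raise TranslationError("RDN must be uid=<login>")
    if norm_dn(parent) != norm_dn(USER_CONTAINER):
        raise TranslationError("entry is outside the user container")
    if not UID_RE.match(uid):
        raise TranslationError("unacceptable uid in RDN")
    options = {}
    for name, values in attrs.items():
        key = name.lower()
        if key == "objectclass":
            continue  # object classes are chosen by the framework, not the client
        if key == "uid":
            if list(values) != [uid]:
                raise TranslationError("uid attribute disagrees with RDN")
            continue
        if key not in ATTR_MAP:
            raise TranslationError("attribute not allowed: " + name)
        if key in SINGLE_VALUED:
            if len(values) != 1:
                raise TranslationError(name + " must have exactly one value")
            options[ATTR_MAP[key]] = values[0]
        else:
            options[ATTR_MAP[key]] = list(values)
    missing = [req for req in ("givenname", "sn") if req not in options]
    if missing:
        raise TranslationError("missing required: " + ", ".join(missing))
    return "user_add", [uid], options
```

Refusing unmapped attributes, rather than dropping them silently, keeps the frontend from accepting an ADD whose result differs from what the client asked for.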
