[Freeipa-devel] [RFC] Creating a new plugin to make it simpler to add users via LDAP

Endi Sukma Dewata edewata at redhat.com
Thu Feb 14 17:33:32 UTC 2013


On 2/14/2013 8:06 AM, Simo Sorce wrote:
> On Thu, 2013-02-14 at 14:26 +0100, Petr Spacek wrote:
>
>> In my Fedora 17 I found the package python-ldaptor. It seems to offer nice support
>> for writing your own event-based LDAP servers. For a simple LDAP proxy it could be
>> enough.
>>
>> $ yum install python-ldaptor
>> $ python
>> import ldaptor.protocols.ldap.ldapserver
>> help(ldaptor.protocols.ldap.ldapserver)
>
> No.
> LDAP proxies are *not* simple.
>
> Ask Endi, he's worked on a meta-directory for years.
>
> Simo.

It depends on what you want to do with the proxy. If it's only a thin 
layer which converts the LDAP ADD to IPA user-add it might not be that 
complicated.

Penrose virtual directory consists of a frontend LDAP interface, a 
transformation engine, and backends which may include an LDAP server as 
well. The front-end LDAP interface is the proxy we're talking about 
here; it's only used to receive LDAP requests and pass them to the 
transformation engine.

The transformation engine is where the complexity occurs. In IPA this is 
already handled by the framework. In Penrose it's quite complex because 
it aims to provide a generic way to map an LDAP request to multiple 
backends, which involves dealing with different types of backends, 
joining the backends, transforming the DN & attributes back and forth, etc.

So I'd say implementing an LDAP frontend for IPA using Python is 
something worth exploring. That way it can run in the same process so 
there's no concern about JSON performance/stability.

-- 
Endi S. Dewata
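
Added example, not part of the original message and not FreeIPA code: a sketch of the "thin layer" idea, turning one LDAP ADD into the arguments of a user-add call and refusing anything it cannot express. The container suffix, the attribute map and the names `ldap_add_to_user_add` and `Rejected` are assumptions made for illustration.

```python
# Added example: thin translation of an LDAP ADD into a user-add call.
# Assumed suffix for the illustration; a real deployment has its own.
USER_CONTAINER = "cn=users,cn=accounts,dc=example,dc=com"

# LDAP attribute -> user-add option. Anything else is rejected, never passed through.
ATTR_MAP = {"givenname": "givenname", "sn": "sn", "cn": "cn"}


class Rejected(ValueError):
    """The ADD request cannot be expressed as a user-add call."""


def ldap_add_to_user_add(dn, attrs):
    """Return (command, args, options); attrs maps names to lists of strings."""
    # Conservative DN handling: refuse escapes and multi-valued RDNs
    # instead of trying to parse them.
    if "\\" in dn or "+" in dn:
        raise Rejected("unsupported DN syntax")
    rdn, _, parent = dn.partition(",")
    name, _, uid = rdn.partition("=")
    uid = uid.strip()
    if name.strip().lower() != "uid" or not uid:
        raise Rejected("entry must be named by uid")
    if parent.replace(" ", "").lower() != USER_CONTAINER:
        raise Rejected("entry is outside the user container")

    options = {}
    for key, values in attrs.items():
        k = key.lower()
        if k == "objectclass":
            continue  # left to the framework, which sets object classes itself
        elif k == "uid":
            if values != [uid]:
                raise Rejected("uid attribute does not match the RDN")
        elif k in ATTR_MAP:
            if len(values) != 1:
                raise Rejected("%s must be single-valued" % key)
            options[ATTR_MAP[k]] = values[0]
        else:
            raise Rejected("attribute not allowed: %s" % key)
    for required in ("givenname", "sn"):
        if required not in options:
            raise Rejected("missing %s" % required)
    return ("user_add", [uid], options)
```

The allowlist is the point of the sketch: a client-supplied attribute such as memberOf is rejected at the frontend rather than forwarded to the backend.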



