Re: ldap proxy

eric German wrote:

> Hi, I'm finding a patch for transforming openldap to proxy ldap.
> Does this patch work well?
> I want to change openldap into proxy ldap, can I do this?


It is not clear which patch you mean. An ldap proxy feature
is currently available with OpenLDAP 2.0 (although it is
partially broken). The version you may get from the HEAD
branch of the cvs at openldap.org uses many improvements
that are still under development. These include suffix
massaging (the ldap proxy may use a naming context that
is different from that of the target directory server), attribute
mapping (objectClass/attribute names are remapped back and
forth from the proxy to the target directory servers) and some
bug fixes/small improvements.
Moreover, there is a patch (ITS 1054) that I wrote, which can be
applied to the HEAD branch of the cvs tree as of March 3, 2001. It
supersedes the previous patch of ITS 989 and also obsoletes the
remarks of ITS 998 and 1002. It has not been accepted yet (not even
considered, I suppose) so let me say that you use it at your own risk.
This patch adds some rewrite capability to the ldap proxy, mostly
dedicated to bind/add/modify/delete/compare dn and search
base/filter/result/referral by using regexes and session wide
variable setting/substitution.

If you simply need to talk ldap across a firewall, then the ldap proxy
capabilities of the release OpenLDAP 2.0 will suffice (although you
should consider ITS 919 (fixed in devel) and maybe ITS 999 if you
cannot check/trust the schema of the target directory server).
If you need heavy massaging/mapping/rewriting capabilities you
should revert to the devel code (possibly with the unofficial rewrite
patch of ITS 1054).

Please, consider directing further questions to the appropriate
list at OpenLDAP.org.

Regards, Pierangelo.
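
Added example (not part of the original message and not OpenLDAP code): a minimal Python sketch of the suffix massaging and attribute mapping described above, applied in both the request and the result direction. The suffixes, the attribute mapping and the function names are assumptions made for illustration; RDN comparison is simplified to a case-insensitive string match.

```python
# Added illustration only: suffixes, mapping and sample DNs are constructed.
VIRTUAL_SUFFIX = "dc=example,dc=com"   # naming context the proxy exposes
REAL_SUFFIX = "o=Internal,c=US"        # naming context of the target server
ATTR_MAP = {"cn": "displayName", "mail": "emailAddress"}  # proxy -> target
REVERSE_ATTR_MAP = {v.lower(): k for k, v in ATTR_MAP.items()}


def split_rdns(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas intact."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(cur.strip())
            cur = ""
            continue
        escaped = (ch == "\\") and not escaped
        cur += ch
    parts.append(cur.strip())
    return parts


def massage_dn(dn, from_suffix, to_suffix):
    """Swap the naming context; reject DNs that fall outside from_suffix."""
    rdns, suffix = split_rdns(dn), split_rdns(from_suffix)
    cut = len(rdns) - len(suffix)
    # Compare whole RDNs, not raw string tails, so "xdc=example,dc=com"
    # is not mistaken for a DN under "dc=example,dc=com".
    if cut < 0 or [r.lower() for r in rdns[cut:]] != [s.lower() for s in suffix]:
        raise ValueError("DN outside proxied naming context: " + dn)
    return ",".join(rdns[:cut] + split_rdns(to_suffix))


def to_target(dn, attr_names):
    """Request direction: proxy view -> target server view."""
    return (massage_dn(dn, VIRTUAL_SUFFIX, REAL_SUFFIX),
            [ATTR_MAP.get(a.lower(), a) for a in attr_names])


def to_client(dn, entry):
    """Result direction: target server view -> proxy view."""
    return (massage_dn(dn, REAL_SUFFIX, VIRTUAL_SUFFIX),
            {REVERSE_ATTR_MAP.get(a.lower(), a): v for a, v in entry.items()})
```

Unmapped attribute names pass through unchanged in this sketch; a proxy that cannot trust the target server's schema would more likely drop them.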

