[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap proxy



thank for answer .
i ll  try to implement proxy service with "shell backend" and an old friend
script in perl . ;-)

$a+
eric german
ministere des finances
france
----- Original Message -----
From: Pierangelo Masarati <masarati@aero.polimi.it>
To: eric German <eric.german@waika9.com>
Cc: OpenLDAP Software <openldap-software@OpenLDAP.org>
Sent: Monday, March 26, 2001 10:22 AM
Subject: Re: ldap proxy


> eric German wrote:
>
> > hi , i m  finding a patch for transforming openldap to proxy ldap
> > is this patch work well ?
> > i want to change openldap in proxy ldap , can i do this ?
>
> Hi.
>
> It is not clear which patch you mean. An ldap proxy feature
> is currently available with OpenLDAP 2.0 (although it is
> partially broken). The version you may get from the HEAD
> branch of the cvs at openldap.org uses many improvements
> that are still under development. These include suffix
> massaging (the ldap proxy may use a naming context that
> is different from that of the target directory server), attribute
> mapping (objectClass/attribute names are remapped back and
> forth from the proxy to the target directory servers and some
> bug fixes/small improvements.
> Moreover, there is a patch (ITS 1054)
>
>
ftp://ftp.openldap.org/incoming/pierangelo-masarati-rewrite-2001-03-03.patch
>
> that I wrote, which can be applied to the HEAD branch of the
> cvs tree as of March 3, 2001. It superseedes the previous patch of
> ITS 989 and obsoletes also the remarks of ITS 998 and 1002.
> It has not been accepted yet (not even considered, I suppose) so
> let me say that you use it at own risk. This patch adds some rewrite
> capability to the ldap proxy, mostly dedicated to
> bind/add/modify/delete/compare dn and search base/filter/result/referral
>
> by using regexes and session wide variable setting/substitution.
>
> If you simply need to talk ldap across a firewall, then the ldap proxy
> capabilities of the release OpenLDAP 2.0 will suffice (although you
> should consider ITS 919 (fixed in devel) and maybe ITS 999 if you
> cannot check/trust the schema of the target directory server.
> If you need heavy massaging/mapping/rewriting capabilities you
> should revert to the devel code (possibly with the unofficial rewrite
> patch of ITS 1054).
>
> Please, consider directing further questions to the appropriate
> list at OpenLDAP.org.
>
> Regards, Pierangelo.
>
>
>
> --
> Dr. Pierangelo Masarati               | voice: +39 02 2399 8365
> Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
> Politecnico di Milano                 | mailto:masarati@aero.polimi.it
> via La Masa 34, 20156 Milano, Italy   |
http://www.aero.polimi.it/~masarati
>
>
>