Hi everybody
Let me introduce myself: I have been working with LDAP directories for 3 years now, and with Java for the same time.

I'm very interested in ApacheDS, and in particular the proxy aspect.

---------------------------
Ze concern
---------------------------

Let me explain:
I want to transform a multi-application common LDAP directory server with group application properties into a user application attribute directory.

Now my directory is a big fat one (90.000 people) with several applications using it to do auth. and identification.

Applications also use it to get some business information. The only way for applications to store and retrieve such information is using groupOfUniquemebers in a dedicated namespace (ou=<application>, ou=groups, dc=...).

It works very well, but not all client applications are done very well :)
They make such a mess that I have to clean their groups sometimes.


In my book, I would use a common attribute, say 'myBusinessAttribute' for them to store business information.

Each application could set some prefixed values into 'myBusinessAttribute', such as:

myBusinessAttribute: [EMAIL PROTECTED] BU123
myBusinessAttribute: [EMAIL PROTECTED] BU125
myBusinessAttribute: [EMAIL PROTECTED] newspapers/Le Monde/Liberation/
myBusinessAttribute: [EMAIL PROTECTED]://www.springframework.org/rss.xml

Very nice, but... but the LDAP security model is not so fine-grained, and as I don't trust application designers, I don't trust them to write without control.

------------------------------------
When Ze apacheDS come in Ze story
------------------------------------

This is where ApacheDS comes in!!

I would use ApacheDS to do transparent proxying to my current big fat directory and check, on each modificationRequest, that the attribute values are good.



    |------- read 389 ---------------->|-----------|
 --------              ---------       |           |
| client | -- write -->| PROXY |------>| Directory |
 --------     port 391 |  391  | 389   |  389      |
                       --------        -------------

I have read that Jérôme Baumgarten has tried to do such a thing (@see Using Eve as a proxy to an existing LDAP server - Interceptor HOW-TO)

I'm trying to do so using a custom Session Registry with a custom LdapProtocolProvider and registering it in a MINA registry, but there are some tied dependencies I fail to erase.

So my question is: how do I build a filtering proxy?

Thanks

Marc DeXeT
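
One way to express the write check described in the post, as an added example that is not part of the original message and is not ApacheDS code. It uses the standard JNDI ModificationItem type; the "<application>:" value prefix, the application names and the class name are assumptions, since the prefixes in the post's sample values did not survive archiving. It also refuses replace and value-less remove operations, because those would touch other applications' values.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class BusinessAttributeWriteFilter {
    static final String ATTR = "myBusinessAttribute";

    /** Reasons to refuse the request; an empty list means it can be forwarded. */
    static List<String> violations(String app, ModificationItem[] mods) throws NamingException {
        List<String> out = new ArrayList<>();
        String prefix = app + ":"; // assumed prefix syntax; app would come from the bind identity
        for (ModificationItem mod : mods) {
            Attribute attr = mod.getAttribute();
            // Attribute descriptions are case-insensitive and may carry ";options".
            String name = attr.getID().split(";", 2)[0];
            if (!name.equalsIgnoreCase(ATTR)) continue; // left to the backend's own ACLs
            if (mod.getModificationOp() == DirContext.REPLACE_ATTRIBUTE) {
                out.add("replace would overwrite other applications' values");
                continue;
            }
            if (attr.size() == 0) { // remove with no values deletes the whole attribute
                out.add("remove without values would delete other applications' values");
                continue;
            }
            NamingEnumeration<?> values = attr.getAll();
            while (values.hasMore()) {
                Object v = values.next();
                if (!(v instanceof String) || !((String) v).startsWith(prefix)) {
                    out.add("value not owned by " + app + ": " + v);
                }
            }
        }
        return out;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample requests from a client bound as application "portal".
        ModificationItem ok = new ModificationItem(DirContext.ADD_ATTRIBUTE,
                new BasicAttribute(ATTR, "portal:BU123"));
        ModificationItem foreign = new ModificationItem(DirContext.ADD_ATTRIBUTE,
                new BasicAttribute("MYBUSINESSATTRIBUTE", "billing:BU125"));
        ModificationItem wipe = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                new BasicAttribute(ATTR));
        System.out.println(violations("portal", new ModificationItem[] {ok}));
        System.out.println(violations("portal", new ModificationItem[] {ok, foreign, wipe}));
    }
}
```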
