


Re: ldap proxy user bind

Date 2012-02-11 21:29 -0700
From Michael Torrie <torriem@gmail.com>
Subject Re: ldap proxy user bind
References <452a9dab-af23-44ef-9460-33a6fbf6faf0@g4g2000pbi.googlegroups.com> <jh6iml$g37$1@dont-email.me> <224a1023-a78f-4658-92b3-8448e305e6bd@iu7g2000pbc.googlegroups.com> <4F373385.2090505@gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.5714.1329020951.27778.python-list@python.org> (permalink)



On 02/11/2012 08:35 PM, Michael Torrie wrote:
> On 02/11/2012 02:19 PM, sajuptpm wrote:
>> Hi Michael Ströder,
>> Thanks for the reply
>>
>> Yeah, I am not totally clear about that
>>
>> Client's Requirement is
>> option to have a ldap proxy user bind to the ldap server if it needs
>> more directory rights than an anonymous bind.
>> option to use a ldap proxy user when searching.
> 
> I wrote a true LDAP proxy server last year that intercepts and rewrites
> requests (bind, search, modify, etc).  I used as my basis the LDAP proxy
> server that ships with Python-Twisted.  Unfortunately I cannot share my
> code with you, but if you can get your head wrapped around Twisted (it's
> *extremely* hard to understand how it works at first), then this is the
> way to go.

Okay so I looked over my code.  I can share some of it with you if you
want.  The most simple proxy I could find (I have written several for
various purposes) was based on the Twisted LDAP proxy server class
(ldaptor.protocols.ldap.proxy).  The reason I wrote it was because I had
some Sharp multi-function printers that could do LDAP authentication,
but instead of binding with a full DN, it would simply bind as
"username" which wouldn't work on my ldap server.  So I wrote the LDAP
proxy server to intercept bind requests (Sharp doesn't even support SSL
blah!) and convert it to a proper DN before passing it on to the real
LDAP server.  Also the LDAP search queries the sharp server generated
were crappy, so I rewrote some of the searches as well as they pass
through my proxy server.  I

sharp ===> Twisted LDAP server/Twisted LDAP client ===> ldapserver
             rewrite bind,
             rewrite some searches,
             pass thru everything

My other LDAP proxy is fancier and it uses the
ldaptor.protocols.ldap.ldapserver.BaseLDAPServer class, and instead of
using twisted's LDAP client code, I just use python-ldap.  So it's a
hybrid approach I suppose.  I can strip it down to bare proxy
functionality that you could build on.

client ==> twisted ldap server/python-ldap client ===> ldapserver

Anyway let me know if you want to see some code and I'll post what I can.
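
The bind rewrite described in the post above, as an added sketch that is not Michael Torrie's code: it turns a bare "username" bind name into a full DN with RFC 4514 escaping and refuses a name sent with an empty password. The `uid` naming attribute, the `ou=people,dc=example,dc=com` base, and the function names are assumptions made for illustration.

```python
# Added example: bare-username -> DN rewriting for a bind-rewriting LDAP proxy.
# Assumptions (not from the post): users live under PEOPLE_BASE and are
# named by the "uid" attribute.
PEOPLE_BASE = "ou=people,dc=example,dc=com"
NAMING_ATTR = "uid"

# Characters that must be backslash-escaped anywhere in a DN attribute value.
_DN_SPECIAL = set('"+,;<>\\=')


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            # Leading space or '#', and trailing space, are also special.
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def rewrite_bind(name: str, password: str) -> str:
    """Return the DN to forward upstream, or raise ValueError to refuse."""
    if name and not password:
        # RFC 4513 "unauthenticated bind": a name with an empty password.
        # A server that permits it answers success without verifying anything,
        # so a device that trusts the result code would accept any username.
        raise ValueError("empty password with non-empty bind name")
    if not name:
        return ""  # anonymous bind, passed through unchanged
    if "=" in name:
        return name  # heuristic: already looks like a DN, forward untouched
    return f"{NAMING_ATTR}={escape_dn_value(name)},{PEOPLE_BASE}"
```

Without the escaping step, a name such as `smith, j` would be parsed by the upstream server as two RDNs instead of one value.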



Thread

ldap proxy user bind sajuptpm <sajuptpm@gmail.com> - 2012-02-10 23:27 -0800
  Re: ldap proxy user bind Michael Ströder <michael@stroeder.com> - 2012-02-11 21:22 +0100
    Re: ldap proxy user bind sajuptpm <sajuptpm@gmail.com> - 2012-02-11 13:19 -0800
      Re: ldap proxy user bind Michael Torrie <torriem@gmail.com> - 2012-02-11 20:35 -0700
      Re: ldap proxy user bind Michael Torrie <torriem@gmail.com> - 2012-02-11 21:29 -0700
        Re: ldap proxy user bind sajuptpm <sajuptpm@gmail.com> - 2012-02-11 23:16 -0800
      Re: ldap proxy user bind Michael Ströder <michael@stroeder.com> - 2012-02-12 13:57 +0100
