From: Michael Torrie
Date: Sat, 11 Feb 2012 21:29:01 -0700
To: python-list@python.org
Subject: Re: ldap proxy user bind
Newsgroups: comp.lang.python

On 02/11/2012 08:35 PM, Michael Torrie wrote:
> On 02/11/2012 02:19 PM, sajuptpm wrote:
>> Hi Michael Ströder,
>> Thanks for the reply.
>>
>> Yeah, I am not totally clear about that.
>>
>> The client's requirement is:
>> option to have an LDAP proxy user bind to the LDAP server if it needs
>> more directory rights than an anonymous bind.
>> option to use an LDAP proxy user when searching.
>
> I wrote a true LDAP proxy server last year that intercepts and rewrites
> requests (bind, search, modify, etc). I used as my basis the LDAP proxy
> server that ships with Python-Twisted. Unfortunately I cannot share my
> code with you, but if you can get your head wrapped around Twisted (it's
> *extremely* hard to understand how it works at first), then this is the
> way to go.

Okay, so I looked over my code. I can share some of it with you if you want. The simplest proxy I could find (I have written several for various purposes) was based on the Twisted LDAP proxy server class (ldaptor.protocols.ldap.proxy).
The reason I wrote it was because I had some Sharp multi-function printers that could do LDAP authentication, but instead of binding with a full DN, they would simply bind as "username", which wouldn't work on my LDAP server. So I wrote the LDAP proxy server to intercept bind requests (Sharp doesn't even support SSL, blah!) and convert them to a proper DN before passing them on to the real LDAP server. Also, the LDAP search queries the Sharp generated were crappy, so I rewrote some of the searches as well as they pass through my proxy server.

sharp ===> Twisted LDAP server/Twisted LDAP client ===> ldapserver
           rewrite bind, rewrite some searches, pass thru everything

My other LDAP proxy is fancier, and it uses the ldaptor.protocols.ldap.ldapserver.BaseLDAPServer class, and instead of using Twisted's LDAP client code, I just use python-ldap. So it's a hybrid approach, I suppose. I can strip it down to bare proxy functionality that you could build on.

client ==> twisted ldap server/python-ldap client ===> ldapserver

Anyway, let me know if you want to see some code and I'll post what I can.
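The bind rewrite described in the message above, as an added example that is not code from the post (the author's Twisted/ldaptor proxy is not reproduced here). It is stdlib Python only: the Twisted plumbing that carries the request is replaced by a plain function call, and a constructed in-memory directory stands in for the real LDAP server. The base DN dc=example,dc=com, the ou=people container, the uid naming attribute and the username allow-list are assumptions. It adds two checks a practitioner would want when the client is a device that sends bare names: the name is validated and RFC 4514-escaped before it is spliced into a DN, so a value like "alice,ou=admins" cannot change the DN's structure, and a client leg that should only ever send bare names can refuse full DNs outright instead of forwarding them. Because the printer leg in the post is plaintext (no SSL), the password still crosses that segment in the clear; the proxy forwards it untouched and must not log it.

```python
"""Bind-request rewriting of the kind an LDAP proxy in front of a device does:
a client that binds with a bare "username" gets that name turned into a full
DN before the request is forwarded to the real LDAP server.

Added example, stdlib only.  The Twisted/ldaptor or python-ldap plumbing that
moves the request between client and server is not shown; the base DN, the
people container and the directory contents are constructed for the example.
"""

import re

# Characters that must be backslash-escaped inside a DN attribute value
# (RFC 4514 section 2.4); a leading '#'/space and a trailing space also need it.
_DN_SPECIAL = re.compile(r'([,+"\\<>;=])')

# Allow-list for bare usernames from a client that cannot be trusted to send a
# well-formed DN (assumption: site usernames look like this).
_BARE_NAME = re.compile(r'^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$')

# LDAP resultCode values (RFC 4511 appendix A).
SUCCESS, INVALID_DN_SYNTAX, INVALID_CREDENTIALS = 0, 34, 49


def escape_dn_value(value: str) -> str:
    """Escape one attribute value so it can be embedded in a DN without
    changing the DN's structure (e.g. 'a,b=c' becomes 'a\\,b\\=c')."""
    out = _DN_SPECIAL.sub(r'\\\1', value)
    if out.startswith(('#', ' ')):
        out = '\\' + out
    if out.endswith(' '):               # backslashes are already escaped above
        out = out[:-1] + '\\ '
    return out


def is_dn(name: str) -> bool:
    """True when the bind name contains an unescaped '=' (i.e. is already a DN)."""
    return re.search(r'(?<!\\)=', name) is not None


class BindRewriter:
    """Turns a bare username into '<rdn_attr>=<name>,<user_ou>,<base_dn>'.

    allow_full_dn=False is for a client leg (the printers in the post) that
    should only ever send bare names: a full DN is refused, not forwarded."""

    def __init__(self, base_dn, user_ou='ou=people', rdn_attr='uid',
                 allow_full_dn=True):
        self.base_dn = base_dn
        self.user_ou = user_ou
        self.rdn_attr = rdn_attr
        self.allow_full_dn = allow_full_dn

    def rewrite(self, bind_name: str) -> str:
        if bind_name == '':
            return ''                       # anonymous bind: pass through
        if is_dn(bind_name):
            if self.allow_full_dn:
                return bind_name            # already a DN: pass through
            raise ValueError('full DN not accepted from this client')
        if not _BARE_NAME.match(bind_name):
            raise ValueError('bare username has unexpected characters')
        # The allow-list already excludes DN metacharacters; escaping anyway is
        # defence in depth should the allow-list be loosened later.
        return '%s=%s,%s,%s' % (self.rdn_attr, escape_dn_value(bind_name),
                                self.user_ou, self.base_dn)


def proxy_bind(rewriter, bind_name, password, upstream_bind):
    """The proxy's bind handler: rewrite the name, forward the bind to the real
    server, and return the resultCode to hand back to the client.  The password
    is forwarded untouched and is never logged."""
    try:
        dn = rewriter.rewrite(bind_name)
    except ValueError:
        return INVALID_DN_SYNTAX
    return upstream_bind(dn, password)


# Constructed stand-in for the real LDAP server's bind operation.
_DIRECTORY = {
    'uid=alice,ou=people,dc=example,dc=com': 'alice-pw',
    'cn=admin,dc=example,dc=com': 'admin-pw',
}


def fake_upstream_bind(dn, password):
    if dn == '' and password == '':
        return SUCCESS                      # anonymous bind
    if password != '' and _DIRECTORY.get(dn) == password:
        return SUCCESS
    return INVALID_CREDENTIALS              # includes DN + empty password


if __name__ == '__main__':
    printer_leg = BindRewriter('dc=example,dc=com', allow_full_dn=False)
    for name, pw in [('alice', 'alice-pw'), ('alice', 'wrong'),
                     ('cn=admin,dc=example,dc=com', 'admin-pw'),
                     ('alice,ou=admins', 'x'), ('', '')]:
        print('%r -> %d' % (name, proxy_bind(printer_leg, name, pw, fake_upstream_bind)))
```

With allow_full_dn=False the third and fourth cases are answered with invalidDNSyntax by the proxy itself and never reach the directory; a leg used by ordinary LDAP clients would be built with allow_full_dn=True so that proper DNs pass through unchanged.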