ldap proxy user bind
torriem at gmail.com
Sat Feb 11 23:29:01 EST 2012
On 02/11/2012 08:35 PM, Michael Torrie wrote:
> On 02/11/2012 02:19 PM, sajuptpm wrote:
>> Hi Michael Ströder,
>> Thanks for the reply
>> Yeah, I am not totally clear about that
>> Client's Requirement is
>> option to have a ldap proxy user bind to the ldap server if it needs
>> more directory rights than an anonymous bind.
>> option to use a ldap proxy user when searching.
> I wrote a true LDAP proxy server last year that intercepts and rewrites
> requests (bind, search, modify, etc). I used as my basis the LDAP proxy
> server that ships with Python-Twisted. Unfortunately I cannot share my
> code with you, but if you can get your head wrapped around Twisted (it's
> *extremely* hard to understand how it works at first), then this is the
> way to go.
Okay so I looked over my code. I can share some of it with you if you
want. The most simple proxy I could find (I have written several for
various purposes) was based on the Twisted LDAP proxy server class
(ldaptor.protocols.ldap.proxy). The reason I wrote it was because I had
some Sharp multi-function printers that could do LDAP authentication,
but instead of binding with a full DN, it would simply bind as
"username" which wouldn't work on my LDAP server. So I wrote the LDAP
proxy server to intercept bind requests (Sharp doesn't even support SSL
blah!) and convert it to a proper DN before passing it on to the real
LDAP server. Also the LDAP search queries the Sharp server generated
were crappy, so I rewrote some of the searches as well as they pass
through my proxy server. I
sharp ===> Twisted LDAP server/Twisted LDAP client ===> ldapserver
           rewrite some searches,
           pass thru everything
My other LDAP proxy is fancier and it uses the
ldaptor.protocols.ldap.ldapserver.BaseLDAPServer class, and instead of
using twisted's LDAP client code, I just use python-ldap. So it's a
hybrid approach I suppose. I can strip it down to bare proxy
functionality that you could build on.
client ==> twisted ldap server/python-ldap client ===> ldapserver
Anyway let me know if you want to see some code and I'll post what I can.
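
The bind rewrite described in this message, sketched as an added example (not Michael Torrie's code and not part of ldaptor): a bare "username" is escaped per RFC 4514 before it is placed in a DN, and a bind that carries a name but an empty password is refused rather than forwarded. The attribute `uid`, the base DN, and the names `escape_rdn_value`, `rewrite_bind` and `BindRejected` are assumptions made for illustration.

```python
# Added example: bind-name rewriting for an LDAP proxy, standard library only.
USER_ATTR = "uid"                          # assumed naming attribute
USER_BASE = "ou=people,dc=example,dc=com"  # assumed (constructed) base DN
_ESCAPED = '"+,;<>\\='                     # characters escaped inside a DN value


class BindRejected(ValueError):
    """The proxy should answer the bind itself instead of forwarding it."""


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use in a DN string (RFC 4514)."""
    out = []
    for ch in value:
        if ch == "\x00":
            out.append("\\00")
        elif ch in _ESCAPED:
            out.append("\\" + ch)
        else:
            out.append(ch)
    if out and out[0] in (" ", "#"):        # leading space or '#'
        out[0] = "\\" + out[0]
    if len(out) > 1 and out[-1] == " ":     # trailing space
        out[-1] = "\\ "
    return "".join(out)


def rewrite_bind(name: str, password: bytes) -> str:
    """Return the DN to forward upstream for a simple bind."""
    if not name:
        if password:
            raise BindRejected("password sent without a bind name")
        return ""                           # anonymous bind, passed through
    if not password:
        # A name with an empty password is an "unauthenticated bind"
        # (RFC 4513, 5.1.2); some servers answer it with success.
        raise BindRejected("empty password with a bind name")
    if "=" in name:
        return name                         # already a DN, passed through
    return f"{USER_ATTR}={escape_rdn_value(name)},{USER_BASE}"


if __name__ == "__main__":
    # Constructed sample bind names.
    for sample in ("jsmith", "smith, john", "cn=admin,dc=example,dc=com"):
        print(repr(sample), "->", rewrite_bind(sample, b"secret"))
```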