ldap proxy user bind

Michael Torrie torriem at gmail.com
Sat Feb 11 23:29:01 EST 2012

On 02/11/2012 08:35 PM, Michael Torrie wrote:
> On 02/11/2012 02:19 PM, sajuptpm wrote:
>> Hi Michael Ströder,
>> Thanks for replay
>> Yea i am not totally clear about that
>> Client's Requirement is
>> option to have a ldap proxy user bind to the ldap server if it needs
>> more directory rights than an anonymous bind.
>> option to use a ldap proxy user when searching.
> I wrote a true LDAP proxy server last year that intercepts and rewrites
> requests (bind, search, modify, etc).  I used as my basis the LDAP proxy
> server that ships with Python-Twisted.  Unfortunately I cannot share my
> code with you, but if you can get your head wrapped around Twisted (it's
> *extremely* hard to understand how it works at first), then this is the
> way to go.

Okay so I looked over my code.  I can share some of it with you if you
want.  The most simple proxy I could find (I have written several for
various purposes) was based on the Twisted LDAP proxy server class
(ldaptor.protocols.ldap.proxy).  The reason I wrote it was because I had
some Sharp multi-function printers that could do LDAP authentication,
but instead of binding with a full DN, it would simply bind as
"username" which wouldn't work on my ldap server.  So I wrote the LDAP
proxy server to intercept bind requests (Sharp doesn't even support SSL
blah!) and convert it to a proper DN before passing it on to the real
LDAP server.  Also the LDAP search queries the sharp server generated
were crappy, so I rewrote some of the searches as well as they pass
through my proxy server.  I

sharp ===> Twisted LDAP server/Twisted LDAP client ===> ldapserver
             rewrite bind,
             rewrite some searches,
             pass thru everything

My other LDAP proxy is fancier and it uses the
ldaptor.protocols.ldap.ldapserver.BaseLDAPServer class, and instead of
using twisted's LDAP client code, I just use python-ldap.  So it's a
hybrid approach I suppose.  I can strip it down to bare proxy
functionality that you could build on.

client ==> twisted ldap server/python-ldap client ===> ldapserver

Anyway let me know if you want to see some code and I'll post what I can.

More information about the Python-list mailing list