[JDEV] LDAP enabling the entire server

temas temas at box5.net
Thu May 10 11:47:21 CDT 2001 

There are some changes planned to XDB, but I don't think they are as
large as you might be looking for.  Have you looked at doing an actual
JSM module for some of the functionality you need?

--temas

On 10 May 2001 13:43:44 +1000, Robert Norris wrote:
> I've been looking at making Jabber work with our LDAP server. The things
> I've done so far:
> 
>  - Written a replacement plaintext auth module for the JSM that checks
>    against the LDAP server.
>  - Written an XDB module that handles 'vcard-temp' (only done 'get'
>    operations so far).
> 
> (I'm not using the CVS xdb_ldap because it requires schema changes and
> read access to userPassword, both of which our directory adminstrator is
> somewhat reluctant to implement).
> 
> Next on the agenda was hacking the conference server to use an LDAP filter
> for access control.
> 
> The problem is that every module that uses LDAP requires its own LDAP
> settings (host, port, base DN, etc), as config cannot be shared across
> modules.
> 
> My first thought was to solve this by having a module that performs LDAP
> operations on behalf of other parts of the server, similar to what dnsrv
> does for DNS. This could work, but the JSM module would not be able to
> use it (at least not in any way I can see).
> 
> XDB is essentially what I want, except that it only has support for storage
> and retrieval of data, not searching. I realise that its not really suited
> to this task, but I think an abstract way of searching data would be quite
> useful (maybe a seperate server module all together?)
> 
> Authentication is even harder. The LDAP authentication method is quite
> idiosyncratic, and really belongs in the JSM, since (at least for now)
> its an IM feature.
> 
> So I guess my questions are:
> 
> 1. Is there any clean, modular, generic way to do LDAP (or SQL or whatever)
>    operations all in one place.
> 2. Are there any plans to extend XDB (or some other mechanism) to perform
>    searches?
> 
> I'd be happy to code anything that is needed, I just have can't flesh out
> a nice solution in my head :)
> 
> Regards,
> Rob.

More information about the JDev mailing list