Re: adding module mod_proxy to apache - OFFTOPIC

[Graham Leggett <mi...@sharp.fm>]

Ian Holsman wrote:

> why wouldn't you just implement a custom include tag to get the name
> Hello <!--#ldap get="name" -->, welcome to the page

Could do that too - but the main app I have for it is to serve large
LDAP attributes as URLs directly in a very thin layer. A example would
be to store images, whatever in an LDAP object and serve them directly
to the browser without the need for some kind of expensive layer in
between.

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm		"There's a moon
					over Bourbon Street
						tonight..."

Re: adding module mod_proxy to apache - OFFTOPIC

[Graham Leggett <mi...@sharp.fm>]

"Christopher R Key (Chris)" wrote:

> I believe I understand now.  Instead of proxying ldap (ldap://myproxy =>
> ldap://backend) you'll be making a macro or shortcut for ldap searches
> via http.  Correct?

Yes - the Apache frontend still only speaks HTTP (and very recently a
few other things) so proxying LDAP->LDAP won't be supported until
someone comes up with a way for Apache to be an LDAP server (not
impossible, but not likely for a while).

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm		"There's a moon
					over Bourbon Street
						tonight..."

Re: adding module mod_proxy to apache - OFFTOPIC

["Christopher R Key (Chris)" <ch...@wcom.com>]

Graham Leggett wrote:
> 
> "Christopher R Key (Chris)" wrote:
> 
> > Based on what Ian and Graham have mentioned, it doesn't see as though
> > the ldap proxy will be a complete proxy (like Innosoft's directory
> > access router).  Am I mistaken?
> 
> Depends on your definition of "complete proxy". The standard "proxy" way
> of handling things seems simplistically to be:
> 
> - open up a tcp connection to proxy
> - say GET <URL> HTTP/1.1
> - say Host: <hostname:port>\n\n
> - Get some data back
> 
> In the case of the LDAP proxy we simply now understand ldap: URLS in
> addition to http: and ftp: URLs as we do now.

I believe I understand now.  Instead of proxying ldap (ldap://myproxy =>
ldap://backend) you'll be making a macro or shortcut for ldap searches
via http.  Correct?

-- 

Chris

--
Non-Reciprocal Laws of Expectations:
	Negative expectations yield negative results.
	Positive expectations yield negative results.

Re: adding module mod_proxy to apache - OFFTOPIC

[Graham Leggett <mi...@sharp.fm>]

"Christopher R Key (Chris)" wrote:

> Based on what Ian and Graham have mentioned, it doesn't see as though
> the ldap proxy will be a complete proxy (like Innosoft's directory
> access router).  Am I mistaken?

Depends on your definition of "complete proxy". The standard "proxy" way
of handling things seems simplistically to be:

- open up a tcp connection to proxy
- say GET <URL> HTTP/1.1
- say Host: <hostname:port>\n\n
- Get some data back

In the case of the LDAP proxy we simply now understand ldap: URLS in
addition to http: and ftp: URLs as we do now.

Exactly like with ftp: URLs, ldap: URLs that return multiple objects
would be output in a standard way (eg LDIF) and could be processed by a
filter into whatever you want.

> Also, has any thought been given to how
> non-anonymous ldap connections will be handled (if at all)?

In theory you could handle it like this:
ldap://user:pass@hostname/foo... although the user:pass bit doesn't seem
to be in the official LDAP URL spec when last I looked (I could be
wrong). Another way of doing it is to define an config option for the
binddn and bindpw that would be used to do the search.

Regards,
Graham 
-- 
-----------------------------------------
minfrin@sharp.fm		"There's a moon
					over Bourbon Street
						tonight..."

Re: adding module mod_proxy to apache - OFFTOPIC

["Christopher R Key (Chris)" <ch...@wcom.com>]

Graham Leggett wrote:
> 
> Ian Holsman wrote:
> 
> > why wouldn't you just implement a custom include tag to get the name
> > Hello <!--#ldap get="name" -->, welcome to the page
> 
> Could do that too - but the main app I have for it is to serve large
> LDAP attributes as URLs directly in a very thin layer. A example would
> be to store images, whatever in an LDAP object and serve them directly
> to the browser without the need for some kind of expensive layer in
> between.

Maybe I haven't been paying attention to all of the LDAP discussion. 
Based on what Ian and Graham have mentioned, it doesn't see as though
the ldap proxy will be a complete proxy (like Innosoft's directory
access router).  Am I mistaken?  Also, has any thought been given to how
non-anonymous ldap connections will be handled (if at all)? 

Thanks for all the work.
-- 

Chris

--
Flugg's Law:
	When you need to knock on wood is when you realize
	that the world is composed of vinyl, naugahyde and aluminum.