[Twisted-Python] twisted ldaptor

bret curtis psi29a at gmail.com
Sun May 3 06:03:20 MDT 2015


Hello there,

if you wish to make a pull request, file a bug report or ask
Ldaptor-specific questions, you can contact the developer directly here:
https://github.com/twisted/ldaptor/issues

Not everyone who works on Ldaptor is a member of this mailing list.

I'll try to answer inline:

On Sat, May 2, 2015 at 12:37 PM, <the2nd at otpme.org> wrote:

>
> i'm currently investigating how to add ldap server support to OTPme (
> https://www.otpme.org) as i want to extend it to be a complete
> authentication/authorization system including some kind of directory
> service. so i started working on integration with ldaptor. my first
> problem, adding search support, is partly solved now. i've checked
> ldiftree.py and after some debugging i got a search() method that is able
> to do an indexed search of OTPme's directory (which is not in svn yet)
> which allows fast search results for a directory with more than 2048 users.
>
>
Congratulations! :) How are you going about this? Are these additions
backwards compatible with OpenLDAP? Are you also writing test-cases to
cover these?


> but as this is just a start there will be more problems to solve i guess.
>

There always are. When I first started using Ldaptor, startTLS was broken,
which was a requirement for me to do any work with it.


> one issue i have is that an ldapsearch against ldaptor which requests just
> some attributes instead of all always returns all object attributes.
> for example the ldapsearch below returns the complete ldif of each found
> user in ldaptor (tested also with ldiftree.py):
> ldapsearch -H ldap://localhost:8080 -b "ou=users,dc=domain,dc=intern" -w
> abcd -x '(uid=*)' givenName
> Running the same search against my openldap server it returns just the dn
> and givenName attributes of each found user.
> Is this a missing feature or do i just miss something in my db class?
>

Please file an issue on github with an example (ldif entries in a txt file
would work) that can be used to test with a real OpenLDAP server. Then the
ldapsearch like you provided above and a snippet of your ldaptor code so we
can try to reproduce it.


> another important part i haven't looked at yet is how to implement
> authentication. as OTPme focuses on OTPs i don't want to add any user
> passwords to the ldap tree. the smoothest solution would be to get
> username+OTP from ldaptor to do authentication. maybe you can give me some
> hints in the right direction? :)


Another issue/question for github, there are others that have spent more
time in this area of the codebase.


> and the last question for now is related to the licensing. OTPme is licensed
> under GPLv2. do i run into any licensing issues when using ldaptor with
> OTPme?
>
>
Ldaptor is MIT/Expat licensed. If you would like to commit code, then that
too must be MIT/Expat, otherwise it won't be accepted. As for using Ldaptor
to talk with OTPme, there shouldn't be a license problem as they are two
separate applications/services. What exactly is your concern there?



> regards
> the2nd
>
>
Cheers,
Bret
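
Added example, not part of the original message and not Ldaptor code: the attribute selection rules of RFC 4511 section 4.5.1.8 that the ldapsearch in the thread relies on, applied to one entry in plain Python. The function name, the sample entry and its values are constructed for illustration; the entry DN is always returned and is not handled here.

```python
# Added illustration: RFC 4511 section 4.5.1.8 attribute selection applied to
# one entry. Plain Python, no ldaptor API is used. The entry is assumed to
# hold user attributes only (no operational attributes).

NO_ATTRS = "1.1"   # OID meaning "return no attributes" when it is sent alone
ALL_USER = "*"     # selector meaning "all user attributes"


def select_attributes(entry, requested):
    """Return the part of `entry` (attribute name -> list of values) that a
    search result should carry for the `requested` selector list."""
    selectors = [s.strip() for s in requested if s.strip()]
    # An empty selector list means the same as "*".
    if not selectors:
        return dict(entry)
    # "1.1" alone suppresses all attributes; next to others it is ignored.
    if all(s == NO_ATTRS for s in selectors):
        return {}
    selectors = [s for s in selectors if s != NO_ATTRS]
    if ALL_USER in selectors:
        return dict(entry)
    # Attribute descriptions compare case-insensitively; the entry's own
    # spelling is kept. Selectors naming absent attributes are skipped.
    wanted = {s.lower() for s in selectors}
    return {name: values for name, values in entry.items()
            if name.lower() in wanted}


# Constructed sample entry, shaped like the users searched in the thread.
SAMPLE_ENTRY = {
    "objectClass": ["inetOrgPerson"],
    "uid": ["jdoe"],
    "givenName": ["John"],
    "sn": ["Doe"],
    "mail": ["jdoe@example.invalid"],
}

if __name__ == "__main__":
    for req in (["givenName"], ["GIVENNAME", "description"], [],
                ["1.1"], ["1.1", "uid"]):
        print(req, "->", sorted(select_attributes(SAMPLE_ENTRY, req)))
```
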