Dumb question: Can Zope be used as a LDAP server?
Seems to me that Zope is almost there. Can anyone tell me why, or why not. Thanks ahead of time, Luis.
On Sunday 08 December 2002 00:40, Luis Cortes wrote:
Seems to me that Zope is almost there. Can anyone tell me why, or why not.
Interesting you bring it up, since Steve Alexander and I discussed this for Zope 3 just the other day. First of all, the LDAP protocol is huge and difficult! It would be great, if we could start from some sort of a Python-based LDAP implementation to start with.
From then on, it is all pretty easy...
Regards, Stephan -- Stephan Richter CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training
Hi Luis, Zope is an application server, where you can run your own LDAP-administration software. But the LDAP-Server is a standalone server which is not zope ! You can bind users in zope against users in LDAP (with LDAPUserFolder) but this did not mean that zope is a LDAP-Server. Regards, Dirk
Dirk Datzert wrote:
Hi Luis,
Zope is an application server, where you can run your own LDAP-administration software.
But the LDAP-Server is a standalone server which is not zope !
You can bind users in zope against users in LDAP (with LDAPUserFolder) but this did not mean that zope is a LDAP-Server.
Yes, but imagine the opposite: that you have a contacts database in zope and want it to be useable by, say, mozilla or any other mail client that can query ldap servers for its address book. Bye -- Luca Olivetti
On Sunday 08 December 2002 09:43, Luca Olivetti wrote:
Dirk Datzert wrote:
Hi Luis,
Zope is an application server, where you can run your own LDAP-administration software.
But the LDAP-Server is a standalone server which is not zope !
You can bind users in zope against users in LDAP (with LDAPUserFolder) but this did not mean that zope is a LDAP-Server.
Yes, but imagine the opposite: that you have a contacts database in zope and want it to be useable by, say, mozilla or any other mail client that can query ldap servers for its address book.
Well, start an effort to write an LDAP server on top of Zope. LDAP is a complex protocol; I would be glad to see a Zope-based server. There is an LDAP server module for Twisted you might want to check out for a start. Regards, Stephan -- Stephan Richter CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training
Twisted (http://www.twistedmatrix.com) is where you would want to be for something like this. At some point in Zope 3, Twisted and Zope may become more aware of each other, so my suggestion is to help develop a Twisted-based LDAP server, which could then easily communicate with Zope. Hope this helps, Eron
On Sunday 08 December 2002 10:08, Eron Lloyd wrote:
Twisted (http://www.twistedmatrix.com) is where you would want to be for something like this. At some point in Zope 3, Twisted and Zope may become more aware of each other, so my suggestion is to help develop a Twisted-based LDAP server, which could then easily communicate with Zope.
Well, actually Twisted works already for a long time with Zope 3. Itamar worked hard on getting this done. However, there are several issues with a Twisted-based LDAP approach:
1. The current Twisted LDAP code does not have the right license. Anyway, I prefer having something in the Zope core with the ZPL.
2. I still have to write all the Request and Publisher code, which is also a lot of work, especially for something like LDAP. (I thought the VFSPublisher code was a lot, but this is about 5 times (wild guess) bigger.)
On the other hand, Shane and I took a lot of time to modularize the server framework for Zope 3 when porting Medusa to the new framework, which could mean that the Twisted module would do just fine. But then Steve and I agree we do not want our LDAP server depend on Twisted. :-)
I will have to investigate that further when I have time. But I still would love it, if some others would step up and write a **basic** LDAP server. I can help them to integrate it into Zope later.
Regards, Stephan -- Stephan Richter CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training
On Sunday 08 December 2002 10:27 am, Stephan Richter wrote:
On Sunday 08 December 2002 10:08, Eron Lloyd wrote:
Twisted (http://www.twistedmatrix.com) is where you would want to be for something like this. At some point in Zope 3, Twisted and Zope may become more aware of each other, so my suggestion is to help develop a Twisted-based LDAP server, which could then easily communicate with Zope.
Well, actually Twisted works already for a long time with Zope 3. Itamar worked hard on getting this done.
Excellent. Three cheers to Itamar and others that led this effort!
However, there are several issues with a Twisted-based LDAP approach:
1. The current Twisted LDAP code does not have the right license. Anyway, I prefer having something in the Zope core with the ZPL.
When you say "something in the Zope core", do you mean LDAP *client* or *server* code? I hope you mean client, as most users wouldn't need to have a full server available in the distribution. As an add-on, however, would be very cool. I'll have to look into the licensing issues. From conversations in #twisted, it looks like the ldaptor code will be going through some changes (don't quote me on that one, though).
2. I still have to write all the Request and Publisher code, which is also a lot of work, especially for something like LDAP. (I thought the VFSPublisher code was a lot, but this is about 5 times (wild guess) bigger.)
Do you mean when communicating to an LDAP server? If this is the case it may make more sense to expose a Twisted Perspective Broker interface for data exchange. I could be wrong, since I'm not too familiar with VFSPublisher, yet.
On the other hand, Shane and I took a lot of time to modularize the server framework for Zope 3 when porting Medusa to the new framework, which could mean that the Twisted module would do just fine. But then Steve and I agree we do not want our LDAP server depend on Twisted. :-)
Here is one of my main concerns. Twisted already provides a relatively stable generic client *and* server framework. Remember, Twisted is not just a Web server. Twisted is a network application framework as Zope is a Web application framework. To push Zope more into becoming a generalized server platform on its own seems unnecessary (though I certainly praise your efforts!). Also, the required dependency of Twisted (which is only a small fraction of the actual Twisted codebase--the framework code), which will provide many productivity and extensibility gains *greatly* outweighs the alternative (doing it from scratch).
I will have to investigate that further when I have time. But I still would love it, if some others would step up and write a **basic** LDAP server. I can help them to integrate it into Zope later.
Awesome. I know it's probably finals time (it is for me, too). The next major release of Twisted will see more work on the servers (this includes email, news, messaging, LDAP, Web, and more). Twisted is becoming more mature all the time, so keep it in mind. We'll probably be much closer to your needs by that point.
Regards, Stephan
Cheers, Eron
Stephan Richter wrote:
On Sunday 08 December 2002 09:43, Luca Olivetti wrote:
Dirk Datzert wrote:
Hi Luis,
Zope is an application server, where you can run your own LDAP-administration software.
But the LDAP-Server is a standalone server which is not zope !
You can bind users in zope against users in LDAP (with LDAPUserFolder) but this did not mean that zope is a LDAP-Server.
Yes, but imagine the opposite: that you have a contacts database in zope and want it to be useable by, say, mozilla or any other mail client that can query ldap servers for its address book.
Well, start an effort to write an LDAP server on top of Zope. LDAP is a complex protocol; I would be glad to see a Zope-based server. There is an LDAP server module for Twisted you might want to check out for a start.
I would suggest: put the contacts database on a real LDAP-Server (e.g. openldap - full functional and very well working LDAP-server) Write on top of Zope your management tool for that contacts database. There are some products to do this: LDAPUserFolder + LDAPDirectoryManager -> use the right tool for the right issue, don't reinvent the wheel ! Regards, Dirk
The thing is, this happens all the time. Zope itself does this in several places. I guess it also depends though on how much time you're willing to invest (or have in the first place!) ;-) Cheers, Eron
-> use the right tool for the right issue, don't reinvent the wheel !
Regards, Dirk
On Sunday 08 December 2002 10:18, Eron Lloyd wrote:
The thing is, this happens all the time. Zope itself does this in several places. I guess it also depends though on how much time you're willing to invest (or have in the first place!) ;-)
Well, Gnome and KDE reinvent the wheel too among each other. Different implementations for different purposes is not necessarily a bad thing. Regards, Stephan -- Stephan Richter CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training
On Sunday 08 December 2002 10:10, Dirk Datzert wrote:
I would suggest: put the contacts database on a real LDAP-Server (e.g. openldap - full functional and very well working LDAP-server)
Write on top of Zope your management tool for that contacts database. There are some products to do this: LDAPUserFolder + LDAPDirectoryManager
-> use the right tool for the right issue, don't reinvent the wheel !
Hi Dirk! I think the approach you suggest here does not solve the problem. The idea is to have a nice contact database (or whatever data you like) in the ZODB and then you want to be able to use it in Mozilla...at least that is Steve's motivation. Having data in the ZODB and serve it up via LDAP is a REALLY cool idea. Regards, Stephan -- Stephan Richter CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training
dirk hits it on the head. why reinvent the wheel? it is not that hard to install and run OpenLDAP and even create your own custom schemata. and then there are products that enable you to maintain the data in LDAP from within zope itself. what's next, a gopher server for zope? ;) jens P.S.: i agree that it would be a somewhat cool thing. but is the undoubtedly large effort worth it? you'll work a lot and never match the capabilities of a real LDAP server.
On Sunday 08 December 2002 11:06, Jens Vagelpohl wrote:
P.S.: i agree that it would be a somewhat cool thing. but is the undoubtedly large effort worth it? you'll work a lot and never match the capabilities of a real LDAP server.
I think so. My goal is not to match all capabilities, but just enough so it can be used with Mozilla. Regards, Stephan -- Stephan Richter CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training
I think this is probably my biggest concern with Zope...what does it want to be? With Twisted, it's simple--it wants to become as much as possible, as integrated as possible, as soon as possible. The truth is, when developing network applications, you *will* usually need several different disparate systems, like HTTP, IMAP, and LDAP. This is a big reason why platforms like MS Exchange are so popular. Also, as in projects like KDE, users benefit from the *tight* integration of its applications. When building a Web community, for example, it would be much easier to configure and develop when the Web, email, and messaging servers are all based on the same platform. Compared to using an Apache, Courier, Jabber combo, all having different needs, administration, configuration, and communication facilities. So I guess this is why the conversation keeps coming back up...users *want* that level of integration. Zope already has one foot in the door in this respect. So to me, it's never a matter of wheel re-invention, but a matter of integration and need. The old UNIX adage, "do one thing well" is pretty much a thing of the past. Cheers, Eron
maybe i'm very conservative on these matters, but i still believe very much in "do one thing well". if you're trying to do everything under the sun you'll end up doing a lot - but each implementation will end up being mediocre at best and will lack flexibility for power users. you might meet your goal (integration, ease of use for beginners) but you might lose the experienced users along the way. looking at the big picture, who is the audience asking for e.g. LDAP integration? from my continuing work on the LDAPUserFolder (which, by the way, is also built on a "do one thing, and do it well" philosophy) i can attest to the fact that the majority seems to be users with existing LDAP infrastructures (-> meaning the experienced users who need maximum flexibility). that audience most likely will not be interested in some limited LDAP server capability in zope itself. like i said, could just be me being very conservative in these matters. jens
Hi Eron,
Eron Lloyd wrote:
The truth is, when developing network applications, you *will* usually need several different disparate systems, like HTTP, IMAP, and LDAP.
right
This is a big reason why platforms like MS Exchange are so popular.
and that's the mess :-) They don't see the complexity.
is why the conversation keeps coming back up...users *want* that level of integration.
but not all users *want* that! Some users *want* it, some users not.
need. The old UNIX adage, "do one thing well" is pretty much a thing of the past.
Who can say 'do all things well' and 'Yes, we did all things well' ?
Regards, Dirk
Sorry, I like a common look and feel. I have been looking at all the available LDAP clients, and they all have their pros and cons ( java, c, perl, python, web based, k or g). Looking at LDAP itself, I can't explain why we need it since we have so many things like it including Zope (or vice-versa depending on your point of view). I have been working on a comprehensive Linux Administration solution that doesn't jump you around to 12 different interfaces to get you what you need, unfortunately, this proves to be almost impossible. Most people write non-intuitive interfaces (myself included), so I have ended up with a motley crew of utilities that do - what I consider to be, comprehensive Linux administration. Okay, no more complaining. I need only zope to provide minimal support for LDAP. I guess that might include LDAP protocol, a port (389), and a way to suggest to zope that a directory is really LDAP and that objects are really LDAP objects. And that's it. ( I make it sound easier than it is right? ). Well, let me get back to my drudgery, I was thinking about writing a book -- Notes for Beginning Linux Administrators ( or how to annoy hard working Zopist ). Smile, Bye, Luis.
Sorry, I like a common look and feel.
that's a laudable goal by itself
I have been looking at all the available LDAP clients, and they all have their pros and cons ( java, c, perl, python, web based, k or g). Looking at LDAP itself, I can't explain why we need it since we have so many things like it including Zope (or vice-versa depending on your point of view).
that last sentence does not make any sense. who is "we"? you can make such a statement if "we" is limited to yourself, but that statement definitely is not true if "we" is the zope user community as a whole.
I have been working on a comprehensive Linux Administration solution that doesn't jump you around to 12 different interfaces to get you what you need, unfortunately, this proves to be almost impossible. Most people write non-intuitive interfaces (myself included), so I have ended up with a motley crew of utilities that do - what I consider to be, comprehensive Linux administration.
stuff like that is already around AFAIK. there's linuxconf and webmin, for example.
Okay, no more complaining. I need only zope to provide minimal support for LDAP. I guess that might include LDAP protocol, a port (389), and a way to suggest to zope that a directory is really LDAP and that objects are really LDAP objects. And that's it. ( I make it sound easier than it is right? ).
yes, you make it easier than it sounds. the big deal is not just opening a port and creating specialized "ldap directory" objects in zope. the big deal is implementing the protocol to talk to ldap clients. jens
On Sun, Dec 08, 2002 at 03:43:38PM +0100, Luca Olivetti wrote:
Dirk Datzert wrote:
Hi Luis,
Zope is an application server, where you can run your own LDAP-administration software.
But the LDAP-Server is a standalone server which is not zope !
You can bind users in zope against users in LDAP (with LDAPUserFolder) but this did not mean that zope is a LDAP-Server.
Yes, but imagine the opposite: that you have a contacts database in zope and want it to be useable by, say, mozilla or any other mail client that can query ldap servers for its address book.
In my opinion it would make a lot more sense if data are kept in a dedicated LDAP Server and Zope uses LDAP to query this server. Besides that: OpenLDAP can use different backends to store data. But I don't know how much effort it would be to make it use Zope databases. Implementing the LDAP protocol itself within Zope seems a bit overkill for me. -- Free your mind and your ass will follow -- http://www.funkaffair.de
Sebastian Stark wrote:
In my opinion it would make a lot more sense if data are kept in a dedicated LDAP Server and Zope uses LDAP to query this server.
Unless you've already collected your data in the zodb (this seems the same discussion as whether it is better to keep your data in a relational database or the zodb, and the correct answer is: it depends ;-)
Besides that: OpenLDAP can use different backends to store data. But I don't know how much effort it would be to make it use Zope databases.
I've just discovered that for my limited needs (serving the addresses already in the zodb to mozilla through ldap) the shell backend of openldap could do (e.g. writing a python script in zope that gives back the data in the format that openldap expects and writing a shell script that just queries zope with wget). The performance won't be stellar but I don't have many clients. Maybe this is what Luis could do too. Bye -- Luca Olivetti
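The shell-backend approach from the message above, sketched as an added example (not code from the thread): a Python program that slapd's shell backend could run for searches, assuming the request and reply layout documented in slapd-shell(5). The contact list is constructed sample data standing in for whatever a Zope script would return, and the filter matching is a deliberate simplification; values are escaped for DNs and base64-encoded for LDIF so that data stored in the ZODB cannot inject extra lines into the reply.

```python
import base64
import re
import sys

# Constructed sample records standing in for what a Zope script would return.
SAMPLE_CONTACTS = [
    {"cn": "Ada Example", "sn": "Example", "mail": "ada@example.org"},
    {"cn": "José Example", "sn": "Example", "mail": "jose@example.org"},
]
LEAF = re.compile(r"\((cn|mail)=([^()]*)\)", re.I)  # only these attributes are searchable

def parse_request(text):
    """Parse the SEARCH request slapd's shell backend writes to stdin."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "SEARCH":
        raise ValueError("only SEARCH is supported")
    req = {}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if sep:
            req.setdefault(key.strip().lower(), value.strip())
    return req

def unescape(text):
    """Decode the backslash-hex escapes (RFC 4515) in a filter value."""
    raw = re.sub(rb"\\([0-9a-fA-F]{2})",
                 lambda m: bytes([int(m.group(1), 16)]), text.encode("utf-8"))
    return raw.decode("utf-8", "replace")

def matches(contact, ldap_filter):
    """Simplified matching: OR together every (cn=...)/(mail=...) leaf."""
    if ldap_filter.strip().lower() == "(objectclass=*)":
        return True
    for attr, value in LEAF.findall(ldap_filter):
        # '*' is a wildcard; everything else is matched literally.
        pattern = ".*".join(re.escape(unescape(p)) for p in value.split("*"))
        if re.fullmatch(pattern, contact.get(attr.lower(), ""), re.I | re.S):
            return True
    return False

def escape_rdn(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch == "\0":
            out.append("\\00")
        elif ch in ',+"\\<>;=' or edge_space or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def ldif_line(attr, value):
    """Emit one LDIF line; base64 anything that is not an RFC 2849 SAFE-STRING."""
    safe = (value.isascii() and value == value.strip(" ")
            and not value.startswith((":", "<"))
            and not any(c in value for c in "\r\n\0"))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def handle_search(request_text, contacts):
    """Return what the backend expects on stdout: LDIF entries, then RESULT."""
    try:
        req = parse_request(request_text)
    except ValueError as exc:
        return f"RESULT\ncode: 53\ninfo: {exc}\n"  # 53 = unwillingToPerform
    suffix = req.get("suffix", "")
    entries = []
    for contact in contacts:
        if not matches(contact, req.get("filter", "(objectclass=*)")):
            continue
        dn = f"cn={escape_rdn(contact['cn'])},{suffix}"
        lines = [ldif_line("dn", dn), "objectClass: inetOrgPerson"]
        lines += [ldif_line(a, contact[a]) for a in ("cn", "sn", "mail") if a in contact]
        entries.append("\n".join(lines))
    return "".join(e + "\n\n" for e in entries) + "RESULT\ncode: 0\n"

if __name__ == "__main__":
    sys.stdout.write(handle_search(sys.stdin.read(), SAMPLE_CONTACTS))
```

The client's filter is evaluated inside the script and never placed on a command line or in a URL, which is the part a wget-in-a-shell-script version has to get right.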
participants (7): Dirk Datzert, Eron Lloyd, Jens Vagelpohl, Luca Olivetti, Luis Cortes, Sebastian Stark, Stephan Richter