Feedback about LDAP

Jean-Michel FRANCOIS () Feedback about LDAP
Hi,

I'm about to start a project with OpenLDAP and Plone, but not for
authentication. It will be on an SSO (maybe CAS). I'm using LDAP just for
member properties to make complex queries through a "directory" content type.

I want to be able to make CRUD operations on LDAP+SQL+Archetypes
technologies in the same "Contact" content type.

I need to know how you are using OpenLDAP with the Zope transaction
manager. Because OpenLDAP has no transactions, how do you abort a Zope
transaction? RDBMSs are well integrated in the Zope transaction, but I
can't find anything similar for OpenLDAP.

--
Regards,
Jean-Michel FRANCOIS
Makina-Corpus



_______________________________________________
Product-Developers mailing list
[hidden email]
http://lists.plone.org/mailman/listinfo/product-developers
Wichert Akkerman () Re: Feedback about LDAP
Previously Jean-Michel FRANCOIS wrote:
> I need to know how you are using OpenLDAP with the Zope transaction
> manager. Because OpenLDAP has no transactions, how do you abort a Zope
> transaction? RDBMSs are well integrated in the Zope transaction, but I
> can't find anything similar for OpenLDAP.

LDAP operations in Plone are not transaction aware. If you want to do
that you would have to queue any writes and commit them when the
transaction is being committed. I haven't looked into it, but I suspect
it will not be too difficult to implement.

Wichert.

--
Wichert Akkerman <[hidden email]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.

Jean-Michel FRANCOIS () Re: Feedback about LDAP
Wichert Akkerman wrote:

> Previously Jean-Michel FRANCOIS wrote:
>
>> I need to know how you are using OpenLDAP with the Zope transaction
>> manager. Because OpenLDAP has no transactions, how do you abort a Zope
>> transaction? RDBMSs are well integrated in the Zope transaction, but I
>> can't find anything similar for OpenLDAP.
>
> LDAP operations in Plone are not transaction aware. If you want to do
> that you would have to queue any writes and commit them when the
> transaction is being committed. I haven't looked into it, but I suspect
> it will not be too difficult to implement.
>
> Wichert.
>
Thank you Wichert for your answer.

The only transaction manager code I have read was from MaildropHost. It
doesn't seem too difficult except in one use case for OpenLDAP:

Transaction Start
Adding some entries in the ldap
Query entries
End of the transaction

You will not have entries as result of your query because they are not
yet registered.

--
Regards,
Jean-Michel FRANCOIS
Makina-Corpus



Wichert Akkerman () Re: Feedback about LDAP
Previously Jean-Michel FRANCOIS wrote:

> Wichert Akkerman wrote:
> > Previously Jean-Michel FRANCOIS wrote:
> >
> >> I need to know how you are using OpenLDAP with the Zope transaction
> >> manager. Because OpenLDAP has no transactions, how do you abort a Zope
> >> transaction? RDBMSs are well integrated in the Zope transaction, but I
> >> can't find anything similar for OpenLDAP.
> >
> > LDAP operations in Plone are not transaction aware. If you want to do
> > that you would have to queue any writes and commit them when the
> > transaction is being committed. I haven't looked into it, but I suspect
> > it will not be too difficult to implement.
> >
> > Wichert.
> >
> Thank you Wichert for your answer.
>
> The only transaction manager code I have read was from MaildropHost. It
> doesn't seem too difficult except in one use case for OpenLDAP:
>
> Transaction Start
> Adding some entries in the ldap
> Query entries
> End of the transaction
>
> You will not have entries as result of your query because they are not
> yet registered.

That's true. I suspect that most of the time that does not matter since
you rarely need to query for values you change in the same request. In
cases where you do, you can usually implement a workaround by breaking
the operation in two steps and committing the transaction in between,
either manually or by invoking a new request with an HTTP redirect.

Wichert.

--
Wichert Akkerman <[hidden email]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.

Jean-Michel FRANCOIS () Re: Feedback about LDAP
Wichert Akkerman wrote:

> Previously Jean-Michel FRANCOIS wrote:
>
>> Wichert Akkerman wrote:
>>
>>> Previously Jean-Michel FRANCOIS wrote:
>>>
>>>> I need to know how you are using OpenLDAP with the Zope transaction
>>>> manager. Because OpenLDAP has no transactions, how do you abort a Zope
>>>> transaction? RDBMSs are well integrated in the Zope transaction, but I
>>>> can't find anything similar for OpenLDAP.
>>>>
>>> LDAP operations in Plone are not transaction aware. If you want to do
>>> that you would have to queue any writes and commit them when the
>>> transaction is being committed. I haven't looked into it, but I suspect
>>> it will not be too difficult to implement.
>>>
>>> Wichert.
>>>
>> Thank you Wichert for your answer.
>>
>> The only transaction manager code I have read was from MaildropHost. It
>> doesn't seem too difficult except in one use case for OpenLDAP:
>>
>> Transaction Start
>> Adding some entries in the ldap
>> Query entries
>> End of the transaction
>>
>> You will not have entries as result of your query because they are not
>> yet registered.
>>
>
> That's true. I suspect that most of the time that does not matter since
> you rarely need to query for values you change in the same request. In
> cases where you do, you can usually implement a workaround by breaking
> the operation in two steps and committing the transaction in between,
> either manually or by invoking a new request with an HTTP redirect.
>
> Wichert.
>
That's true. Thank you for your help Wichert. I will try to make this into
a reusable egg.

--
Regards,
Jean-Michel FRANCOIS
Makina-Corpus



Ricardo Alves-2 () Re: Feedback about LDAP
Jean-Michel FRANCOIS wrote:

> Wichert Akkerman wrote:
>> Previously Jean-Michel FRANCOIS wrote:
>>
>>> I need to know how you are using OpenLDAP with the Zope transaction
>>> manager. Because OpenLDAP has no transactions, how do you abort a Zope
>>> transaction? RDBMSs are well integrated in the Zope transaction, but I
>>> can't find anything similar for OpenLDAP.
>>>
>> LDAP operations in Plone are not transaction aware. If you want to do
>> that you would have to queue any writes and commit them when the
>> transaction is being committed. I haven't looked into it, but I suspect
>> it will not be too difficult to implement.
>>
>> Wichert.
>>
> Thank you Wichert for your answer.
>
> The only transaction manager code I have read was from MaildropHost. It
> doesn't seem too difficult except in one use case for OpenLDAP:
>
> Transaction Start
> Adding some entries in the ldap
> Query entries
> End of the transaction
>
> You will not have entries as result of your query because they are not
> yet registered.

Since the LDAP protocol doesn't support transactions, you need to
implement them locally. One option is to perform all operations at the
end (as Wichert suggests), another is to perform the inverse operations
in case of an abort. The latter has the advantage of letting you make
LDAP queries before the transaction ends.

For this same problem we developed the following two products:

- Products.ldapconnection
(http://pypi.python.org/pypi/Products.ldapconnection) provides a
persistent LDAP connection object (very much like the old-style sql
connections). It is hooked to the ZODB transaction manager, so if the
transaction is aborted it will try to rollback all operations performed.

- archetypes.ldapstorage
(http://pypi.python.org/pypi/archetypes.ldapstorage) provides an
Archetypes storage that stores data in the LDAP server, using the above
product for LDAP operations.

But note that since the server doesn't know anything about your
transactions, any of these solutions will always be vulnerable to errors
(e.g. network related) that may occur in LDAP operations in the same
transaction.

I saw this discussion, and I released the packages. We're using them in
production in some controlled, intranet projects, but they still require
more testing (and a lot more unit tests) and there are also some missing
features (look at the TODO).

So feedback will be very much welcome. :)


Ricardo

--
Ricardo Alves <[hidden email]>
Eurotux <http://www.eurotux.com>
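
The two strategies described in this message (deferring writes until commit, or writing immediately and running inverse operations on abort), as an added sketch that is not code from Products.ldapconnection or from anyone in this thread. `FakeDirectory`, `DeferredWrites`, `CompensatingWrites` and `demo` are hypothetical names, and the directory is a constructed in-memory stand-in for an LDAP server.

```python
class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server: no transactions."""
    def __init__(self):
        self.entries = {}                    # dn -> attributes
    def add(self, dn, attrs):
        self.entries[dn] = dict(attrs)
    def delete(self, dn):
        del self.entries[dn]                 # KeyError if the entry is gone
    def search(self, **match):
        return sorted(dn for dn, a in self.entries.items()
                      if all(a.get(k) == v for k, v in match.items()))

class DeferredWrites:
    """Queue writes and send them only at commit (first option)."""
    def __init__(self, directory):
        self.directory, self.queue = directory, []
    def add(self, dn, attrs):
        self.queue.append((dn, attrs))       # server not touched yet
    def commit(self):
        while self.queue:
            self.directory.add(*self.queue.pop(0))
    def abort(self):
        self.queue = []                      # nothing was sent, nothing to undo

class CompensatingWrites:
    """Write immediately and record the inverse operation (second option)."""
    def __init__(self, directory):
        self.directory, self.undo = directory, []
    def add(self, dn, attrs):
        self.directory.add(dn, attrs)        # visible to every client at once
        self.undo.append(lambda: self.directory.delete(dn))
    def commit(self):
        self.undo = []
    def abort(self):
        failures = []
        while self.undo:                     # undo newest first
            try:
                self.undo.pop()()
            except Exception as exc:         # e.g. network error, entry already gone
                failures.append(exc)
        return failures                      # non-empty: directory left inconsistent

def demo(session_cls):
    # Add an entry, query inside the transaction, abort, then query again.
    directory = FakeDirectory()
    session = session_cls(directory)
    session.add("cn=alice,ou=people,dc=example,dc=org", {"sn": "Doe"})
    during = directory.search(sn="Doe")
    session.abort()
    return during, directory.search(sn="Doe")
```

`demo(DeferredWrites)` sees nothing during the transaction, while `demo(CompensatingWrites)` sees the new entry before the abort removes it. A non-empty list from `abort()` means the rollback itself failed and the directory needs manual reconciliation.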

