[OpenSER-Devel] Re: ldap module api

Christian Schlatter cs at unc.edu
Fri Aug 10 18:34:25 CEST 2007 

Daniel,

Daniel-Constantin Mierla wrote:
> Hello Christian,
> 
> I am thinking to do an abstractisation to the LDAP API, to not be 
> dependent of ldap libraries. Practically is to hide the LDAP structures 
> behind some local defined one. For example, for DB we have the same, 
> there are some void pointers keeping references to mysql/postgres/... 
> connection.
> 
> In this way we remove the dependency of ldap library to the modules 
> using the LDAP module API. As far as I could see, the structures LDAP, 
> LDAPmessage and berval have to be hidden.

Yes, that makes sense to me. I guess that casting the void pointers back 
to their ldap lib counterpart would allow a module developer to use low 
level ldap lib functions. This is important since the current ldap 
module API does only offer a very limited set of functions compared to 
the openldap lib.

Other modules like e.g. the new H350 do not need any openldap lib 
functions and would benefit from this abstraction.


> What do you think? Also, I think a function that does the search of 
> attribute-values in LDAP and stores directly in script AVPs would be 
> good. If someone does the search from script is very likely to want 
> fetched result as well in script. Something similar to avp_db_query(). I 
> guess this will be wrapper to what already exists in ldap_search and 
> ldap_result.

My first version of the ldap module included a function to do exactly 
that. But I decided to replace this function with ldap_result since it 
is more flexible and allows a script writer to selectively store ldap 
values as AVPs. My assumption was that in most cases users are only 
interested in a small subset of the returned LDAP attributes, as e.g. if 
you query for an inetOrgPerson object you probably aren't interested in 
street address or job title.

Another issue with storing the whole LDAP result as AVPs is that the 
result can include multiple objects and an object's attribute can be 
multi-valued. This would require to have AVPs with two-dimensional 
indeces which could be achieved by including one index in the AVP name.

In my opinion ldap_result is all that is needed but I could surely help 
to implement an avp_db_query like function for ldap if there is interest 
in that.

/Christian

More information about the Devel mailing list