[Product-Developers] Feedback about LDAP
rsa at eurotux.com
Thu Jun 11 23:39:34 UTC 2009
Jean-Michel FRANCOIS wrote:
> Wichert Akkerman wrote:
>> Previously Jean-Michel FRANCOIS wrote:
>>> I need to know how you are using OpenLDAP with the Zope transaction
>>> manager. Because OpenLDAP has no transaction, how do you abort Zope
>>> transaction? RDBMS are well integrated in the zope transaction, but I
>>> don't find anything on the same for OpenLDAP.
>> LDAP operations in Plone are not transaction aware. If you want to do
>> that you would have to queue any writes and commit them when the
>> transaction is being committed. I haven't looked into it, but I suspect
>> it will not be too difficult to implement.
> Thank you Wichert for your answer.
> The only transaction manager code I have read was from MaildropHost. It
> doesn't seem too difficult except in one use case for OpenLDAP:
> Transaction Start
> Adding some entries in the ldap
> Query entries
> End of the transaction
> You will not have entries as result of your query because they are not
> already registered.
Since the LDAP protocol doesn't support transactions, you need to
implement them locally. One option is to perform all operations at the
end (as Wichert suggests), another is to perform the inverse operations
in case of an abort. The latter has the advantage of letting you make
LDAP queries before the transaction ends.
For this same problem we developed the following two products:
(http://pypi.python.org/pypi/Products.ldapconnection) provides a
persistent LDAP connection object (very much like the old-style sql
connections). It is hooked to the ZODB transaction manager, so if the
transaction is aborted it will try to rollback all operations performed.
(http://pypi.python.org/pypi/archetypes.ldapstorage) provides an
Archetypes storage that stores data in the LDAP server, using the above
product for LDAP operations.
But note that since the server doesn't know anything about your
transactions, any of these solutions will be always vulnerable to errors
(e.g. network related) that may occur in LDAP operations in the same
I saw this discussion, and I released the packages. We're using them in
production in some controlled, intranet projects, but they still require
more testing (and a lot more unit tests) and there are also some missing
features (look at the TODO).
So feedback will be very much welcome. :)
Ricardo Alves <rsa at eurotux.com>
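
A minimal sketch of the second option described in the message above (apply each write immediately, run the inverse operations on abort), added here as an example. It is not code from Products.ldapconnection: `FakeDirectory` and `UndoLogConnection` are hypothetical names, and an in-memory dictionary stands in for the LDAP server.

```python
class FakeDirectory:
    """In-memory stand-in for an LDAP server (constructed for this example)."""
    def __init__(self):
        self.entries = {}      # dn -> attribute dict
        self.offline = False   # set True to simulate a network failure

    def _check(self):
        if self.offline:
            raise ConnectionError("directory unreachable")

    def get(self, dn):
        self._check()
        return dict(self.entries[dn]) if dn in self.entries else None

    def add(self, dn, attrs):
        self._check()
        self.entries[dn] = dict(attrs)

    def delete(self, dn):
        self._check()
        del self.entries[dn]

class UndoLogConnection:
    """Hypothetical wrapper: applies each write at once, records its inverse."""
    def __init__(self, directory):
        self.directory = directory
        self.undo = []         # inverse operations, oldest first

    def add(self, dn, attrs):
        self.directory.add(dn, attrs)
        self.undo.append((self.directory.delete, (dn,)))

    def delete(self, dn):
        old = self.directory.get(dn)   # saved so the entry can be restored
        self.directory.delete(dn)
        self.undo.append((self.directory.add, (dn, old)))

    def commit(self):
        self.undo.clear()      # writes are already on the server

    def abort(self):
        failed = []            # inverses that could not be applied
        while self.undo:       # undo newest-first
            func, args = self.undo.pop()
            try:
                func(*args)
            except Exception as exc:   # e.g. network error during rollback
                failed.append((func.__name__, args, exc))
        return failed
```

A non-empty list returned by `abort()` means the directory still holds writes from an aborted transaction, which is the residual risk the message points out.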