[Product-Developers] Feedback about LDAP

Ricardo Alves rsa at eurotux.com
Thu Jun 11 23:39:34 UTC 2009

Jean-Michel FRANCOIS wrote:
> Wichert Akkerman wrote:
>> Previously Jean-Michel FRANCOIS wrote:
>>> I need to know how you are using OpenLDAP with the Zope transaction
>>> manager. Because OpenLDAP has no transactions, how do you abort a Zope
>>> transaction? RDBMSs are well integrated in the Zope transaction, but I
>>> can't find anything on the same for OpenLDAP.
>> LDAP operations in Plone are not transaction aware. If you want to do
>> that you would have to queue any writes and commit them when the
>> transaction is being committed. I haven't looked into it, but I suspect
>> it will not be too difficult to implement.
>> Wichert.
> Thank you Wichert for your answer.
> The only transaction manager code I have read was from MaildropHost. It
> doesn't seem too difficult except in one use case for OpenLDAP:
> Transaction Start
> Adding some entries in the LDAP
> Query entries
> End of the transaction
> You will not have entries as result of your query because they are not
> yet registered.

Since the LDAP protocol doesn't support transactions, you need to 
implement them locally. One option is to perform all operations at the 
end (as Wichert suggests), another is to perform the inverse operations 
in case of an abort. The latter has the advantage of letting you make 
LDAP queries before the transaction ends.

For this same problem we developed the following two products:

- Products.ldapconnection 
(http://pypi.python.org/pypi/Products.ldapconnection) provides a 
persistent LDAP connection object (very much like the old-style sql 
connections). It is hooked to the ZODB transaction manager, so if the 
transaction is aborted it will try to rollback all operations performed.

- archetypes.ldapstorage 
(http://pypi.python.org/pypi/archetypes.ldapstorage) provides an 
Archetypes storage that stores data in the LDAP server, using the above 
product for LDAP operations.

But note that since the server doesn't know anything about your 
transactions, any of these solutions will always be vulnerable to errors 
(e.g. network related) that may occur in LDAP operations in the same 

I saw this discussion, and I released the packages. We're using them in 
production in some controlled, intranet projects, but they still require 
more testing (and a lot more unit tests) and there are also some missing 
features (look at the TODO).

So feedback will be very much welcome. :)


Ricardo Alves <rsa at eurotux.com>
Eurotux <http://www.eurotux.com> 
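
The inverse-operation approach described in the message above, as an added sketch that is not part of the original post and is not the code of Products.ldapconnection. `FakeDirectory` is a constructed in-memory stand-in for an LDAP server and `UndoLogConnection` is a hypothetical wrapper; the sketch also covers the caveat about errors, where an inverse operation that fails during abort leaves the directory partially written.

```python
class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server: writes apply at once."""
    def __init__(self):
        self.entries = {}
        self.online = True          # set False to simulate a network failure

    def _check(self):
        if not self.online:
            raise ConnectionError("directory unreachable")

    def add(self, dn, attrs):
        self._check()
        if dn in self.entries:
            raise KeyError(dn)
        self.entries[dn] = dict(attrs)

    def delete(self, dn):
        self._check()
        return self.entries.pop(dn)

    def search(self, dn):
        self._check()
        return self.entries.get(dn)


class UndoLogConnection:
    """Hypothetical wrapper: record the inverse of each write, replay on abort."""
    def __init__(self, directory):
        self.directory = directory
        self.undo = []              # (description, inverse callable)

    def add(self, dn, attrs):
        self.directory.add(dn, attrs)
        self.undo.append(("delete " + dn, lambda: self.directory.delete(dn)))

    def delete(self, dn):
        old = self.directory.delete(dn)
        self.undo.append(("re-add " + dn, lambda: self.directory.add(dn, old)))

    def commit(self):
        self.undo.clear()           # writes already reached the server

    def abort(self):
        """Undo in reverse order; return the inverses that could not be applied."""
        failed = []
        while self.undo:
            what, inverse = self.undo.pop()
            try:
                inverse()
            except Exception as exc:  # server knows nothing of our transaction
                failed.append((what, repr(exc)))
        return failed
```

A non-empty list from `abort()` means the directory no longer matches the aborted transaction and needs manual reconciliation.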
