LDAP over HTTP or something else like that?

#1

Hi all. Just got my DH account up and running a couple days ago, and I would really like to have a centralized address book that I can access from all the computers that I work from. LDAP, in some form, seems like it would be the right way to go. It would be great to just run OpenLDAP on ldap.mydomain.com, point Thunderbird at it, and have it Just Work™.

However, I realize that this is probably a no-go on a shared hosting plan. So, I’m trying to come up with some kind of creative solution of how to do this. The first thing to come to my mind is to run a “private” slapd daemon and figure out some way to run LDAP over HTTP.

So, my questions are these:

  1. Has anyone else tried to do something like this? Cursory googling didn’t turn up anything, but maybe I was just searching for the wrong thing.

  2. Is something like this even feasible or possible? I’m an experienced programmer, but pretty new to network programming, so I may be talking complete crazy-talk. Please, be gentle :slight_smile:

  3. Even if it’s technically possible, would DH frown upon it too much for it to be practical? Specifically, would a slapd daemon running 24/7 get me booted, even if it’s “private”? :slight_smile:

Thanks in advance for any help!

Brad…


#2

Those are all good ideas, but I think a careful look at the Terms of Service, and the DH Wiki article on Persistent Processes indicate that, even if it survived Dreamhost’s “prockiller” daemon, any daemon you run on a shared server is likely to be “problematic” (even if not “public”).

See also this wiki entry for a little more insight. :wink:

–rlparker


#3

Now that we’ve told him he can’t, does anyone have any ideas for him? Some apps can use a DB realm for authentication rather than ldap, perhaps a direct connection from the servers to a DH mysql db?

Wholly


#4

Thanks for the links. I had seen them before, but I guess I overlooked the line that said “No finger, OpenLDAP, etc.”

Brad…


#5

I realize that “some apps” can use a more traditional DB for authentication, but my needs are more specific: I want to point a mail client (Thunderbird, Pine, etc.) to a shared, server-side address book. Mail apps generally only speak LDAP for this kind of thing, as far as I am aware.

However, suggesting mysql does give me an idea. I think this could be accomplished with a combination of server-side and client-side code:

  1. Store the address book in a standard mysql DB instead of an LDAP DB.

  2. Write a cgi script that takes address book queries and returns results in some kind of “known” format over HTTP.

  3. Write a daemon process that runs on the client machine that listens for LDAP requests and tunnels those requests into the corresponding HTTP request.

  4. Likewise, the daemon is also responsible for unpacking the data received from the server into a well-formed LDAP result.

  5. Point Thunderbird to ldap://127.0.0.1 and you’re golden :slight_smile: .

Of course, this is beginning to get fairly involved :wink: . Is any of this crazy-talk? Seems like there’s gotta be some way to do it without running an LDAP server on DH.

Comments?

Thanks!

Brad…
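
An added example, not part of the original thread: a sketch of step 2 from the post above (the query script that returns address book results over HTTP), showing the checks such an endpoint needs once it accepts search input from the network. It is written in Python with SQLite standing in for MySQL; the `contacts` table, the `attr` and `q` parameters, the JSON response format and the sample rows are all assumptions made for illustration.

```python
import json
import sqlite3
from urllib.parse import parse_qs

# LDAP attribute name -> SQL column. Only these may be searched (allowlist),
# so request input never becomes part of the SQL text.
ATTR_TO_COLUMN = {"cn": "full_name", "mail": "email"}
MAX_RESULTS = 50

def like_escape(term):
    """Escape LIKE metacharacters so user input matches literally."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def search(conn, attr, term):
    """Substring search on one allowlisted attribute; returns list of dicts."""
    column = ATTR_TO_COLUMN.get(attr)
    if column is None:
        raise ValueError("unsupported attribute")
    if not term or len(term) > 64:
        raise ValueError("bad search term")
    sql = (f"SELECT full_name, email FROM contacts "
           f"WHERE {column} LIKE ? ESCAPE '\\' ORDER BY full_name LIMIT ?")
    rows = conn.execute(sql, (f"%{like_escape(term)}%", MAX_RESULTS))
    return [{"cn": name, "mail": email} for name, email in rows]

def handle_query(conn, query_string):
    """CGI-style entry point: query string in, (status, JSON body) out."""
    params = parse_qs(query_string)
    try:
        results = search(conn, params.get("attr", ["cn"])[0],
                         params.get("q", [""])[0])
    except ValueError as exc:
        return 400, json.dumps({"error": str(exc)})
    return 200, json.dumps({"entries": results})

def demo_db():
    """Constructed sample data, held in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (full_name TEXT, email TEXT)")
    conn.executemany("INSERT INTO contacts VALUES (?, ?)", [
        ("Brad Example", "brad@example.com"),
        ("Ann_Lee", "ann@example.com"),
        ("Annalee Stone", "annalee@example.org"),
    ])
    return conn

if __name__ == "__main__":
    print(handle_query(demo_db(), "attr=cn&q=brad"))
```

The search term is only ever passed as a bound parameter, and the column name comes from the allowlist, so neither request field can change the shape of the query. A real deployment would also need authentication and HTTPS in front of this endpoint, since it exposes contact data.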


#6

Hey All,

I know I’m a new user, but surely we can figure this out. There HAS to be a way to share users for us, can’t we simulate LDAP SOMEHOW?