[openstack-dev] Plans to converge on one ldap client?
morgan.fainberg at gmail.com
Tue May 24 17:23:39 UTC 2016
On Tue, May 24, 2016 at 8:55 AM, Corey Bryant <corey.bryant at canonical.com>
> On Tue, May 24, 2016 at 11:11 AM, Morgan Fainberg <
> morgan.fainberg at gmail.com> wrote:
>> On Tue, May 24, 2016 at 5:53 AM, Corey Bryant <corey.bryant at canonical.com
>> > wrote:
>>> Hi All,
>>> Are there any plans to converge on one ldap client across projects?
>>> Some projects have moved to ldap3 and others are using pyldap (both are in
>>> global requirements).
>>> The issue we're running into in Ubuntu is that we can only have one ldap
>>> client in Ubuntu main, while the others will live in universe.
>> Out of curiosity, what drives this requirement? pyldap and ldap3 do not
>> overlap in namespace and can co-install just fine. This is no different
>> than previously having python-ldap and ldap3.
>> It seems a little arbitrary to say only one of these can be in main, but
>> this is why i am asking.
> No problem, thanks for asking. I agree, it's no different than
> python-ldap and ldap3 and it's not a co-installability issue. This is just
> a policy for Ubuntu main. If we file a Main Inclusion Request (MIR) for a
> new ldap client then we'll be asked to work on what's needed to get the
> other client package out of main, which consists of patching use of one
> client for the other.
Ah, ok sure; still sounds a little silly imho, but only so much we can do
on that front ;). So the reality is keystone is considering ldap3, but
there have been concerns about ldap3's interface compared to the relatively
tried-and-true pyldap (a clean fork+py3 support of python-ldap). Long term
we may move to ldap3. Short term, we wanted python3 support, so the drop in
replacement for python-ldap was the clear winner (ldap3 is significantly
more work to support, and even when/if we support it there will be a period
where we support both, just in different drivers).
Basically, if we add ldap3 to keystone, we will be supporting both for a
non-insignificant time. For now we're leaning on pyldap for the foreseeable
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev