[openstack-dev] Plans to converge on one ldap client?

Corey Bryant corey.bryant at canonical.com
Tue May 24 17:53:48 UTC 2016


On Tue, May 24, 2016 at 1:23 PM, Morgan Fainberg <morgan.fainberg at gmail.com>
wrote:

>
>
> On Tue, May 24, 2016 at 8:55 AM, Corey Bryant <corey.bryant at canonical.com>
> wrote:
>
>>
>>
>> On Tue, May 24, 2016 at 11:11 AM, Morgan Fainberg <
>> morgan.fainberg at gmail.com> wrote:
>>
>>>
>>>
>>> On Tue, May 24, 2016 at 5:53 AM, Corey Bryant <
>>> corey.bryant at canonical.com> wrote:
>>>
>>>> Hi All,
>>>>
>>>> Are there any plans to converge on one ldap client across projects?
>>>> Some projects have moved to ldap3 and others are using pyldap (both are in
>>>> global requirements).
>>>>
>>>> The issue we're running into in Ubuntu is that we can only have one
>>>> ldap client in Ubuntu main, while the others will live in universe.
>>>>
>>>> --
>>>> Regards,
>>>> Corey
>>>>
>>>>
>>> Out of curiosity, what drives this requirement? pyldap and ldap3 do not
>>> overlap in namespace and can co-install just fine. This is no different
>>> than previously having python-ldap and ldap3.
>>>
>>> It seems a little arbitrary to say only one of these can be in main, but
>>> this is why i am asking.
>>>
>>>
>> No problem, thanks for asking.  I agree, it's no different than
>> python-ldap and ldap3 and it's not a co-installability issue.  This is just
>> a policy for Ubuntu main.  If we file a Main Inclusion Request (MIR) for a
>> new ldap client then we'll be asked to work on what's needed to get the
>> other client package out of main, which consists of patching use of one
>> client for the other.
>>
>>
> Ah, ok sure; still sounds a little silly imho, but only so much we can do
> on that front ;). So the reality is keystone is
>

Everything in main is fully supported, so limiting those efforts to a
single client makes sense.


> considering ldap3, but there have been concerns about ldap3's interface
> compared to the relatively tried-and-true pyldap (a clean fork+py3 support
> of python-ldap). Long term we may move to ldap3. Short term, we wanted
> python3 support, so the drop in replacement for python-ldap was the clear
> winner (ldap3 is significantly more work to support, and even when/if we
> support it there will be a period where we support both, just in different
> drivers).
>

I like the approach to having different drivers, at least for a transition
period.  That would be very useful from a distro perspective.


>
> Basically, if we add ldap3 to keystone, we will be supporting both for a
> non-insignificant time. For now we're leaning on pyldap for the foreseeable
> future.
>
>
>>
Thanks. Appreciate the information!

-- 
Regards,
Corey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160524/5c1ee262/attachment.html>


More information about the OpenStack-dev mailing list