[openstack-dev] Plans to converge on one ldap client?
corey.bryant at canonical.com
Tue May 24 17:53:48 UTC 2016
On Tue, May 24, 2016 at 1:23 PM, Morgan Fainberg <morgan.fainberg at gmail.com>
> On Tue, May 24, 2016 at 8:55 AM, Corey Bryant <corey.bryant at canonical.com>
>> On Tue, May 24, 2016 at 11:11 AM, Morgan Fainberg <
>> morgan.fainberg at gmail.com> wrote:
>>> On Tue, May 24, 2016 at 5:53 AM, Corey Bryant <
>>> corey.bryant at canonical.com> wrote:
>>>> Hi All,
>>>> Are there any plans to converge on one ldap client across projects?
>>>> Some projects have moved to ldap3 and others are using pyldap (both are in
>>>> global requirements).
>>>> The issue we're running into in Ubuntu is that we can only have one
>>>> ldap client in Ubuntu main, while the others will live in universe.
>>> Out of curiosity, what drives this requirement? pyldap and ldap3 do not
>>> overlap in namespace and can co-install just fine. This is no different
>>> than previously having python-ldap and ldap3.
>>> It seems a little arbitrary to say only one of these can be in main, but
>>> this is why i am asking.
>> No problem, thanks for asking. I agree, it's no different than
>> python-ldap and ldap3 and it's not a co-installability issue. This is just
>> a policy for Ubuntu main. If we file a Main Inclusion Request (MIR) for a
>> new ldap client then we'll be asked to work on what's needed to get the
>> other client package out of main, which consists of patching use of one
>> client for the other.
> Ah, ok sure; still sounds a little silly imho, but only so much we can do
> on that front ;). So the reality is keystone is
Everything in main is fully supported, so limiting those efforts to a
single client makes sense.
> considering ldap3, but there have been concerns about ldap3's interface
> compared to the relatively tried-and-true pyldap (a clean fork+py3 support
> of python-ldap). Long term we may move to ldap3. Short term, we wanted
> python3 support, so the drop in replacement for python-ldap was the clear
> winner (ldap3 is significantly more work to support, and even when/if we
> support it there will be a period where we support both, just in different
I like the approach to having different drivers, at least for a transition
period. That would be very useful from a distro perspective.
> Basically, if we add ldap3 to keystone, we will be supporting both for a
> non-insignificant time. For now we're leaning on pyldap for the foreseeable
Thanks. Appreciate the information!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev