Re: [Fedora-directory-users] Ideas for fds [Auf Viren geprüft]
David Boreham
david_list at boreham.org
Mon Jun 13 14:08:59 UTC 2005
Thanks, that was an interesting analysis.
>Instead some kind of LDAP-Proxy-Super-Adapter comes to my mind: it would
>use and understand all those variations of groups and present them to an
>application
>as being a classical static group. It would be very configurable in every
>aspect.
I believe this is what was called the 'policy server'.
Problem is that AFAIK nobody has built a generally useful one.
>Otherwise I'm afraid to much of application logic moves into the directory
>server like PL/SQL only for LDAP.
>
>
True. There are two (valid) reasons for stored procedures: 1) ensure
data integrity
2) performance. Both these apply to the LDAP DS scenario too.
So it's a two-sided thing : offload too much to an intermediary LDAP
client and performance will suffer, plus applications that do not use
the intermediary now have the problem of maintaining consistency with it.
The doomsday scenario of a full-blown policy language inside the DS
is certainly scary. All the proposals being discussed here are very simple
by comparison (and sometimes too simple of course).
More information about the 389-users
mailing list