Any C coders want to help me with something?
Mike McGrath
mmcgrath at redhat.com
Fri May 1 13:57:22 UTC 2009
On Fri, 1 May 2009, Axel Thimm wrote:
> On Fri, May 01, 2009 at 02:54:08AM -0400, Ricky Zhou wrote:
> > On 2009-05-01 09:11:11 AM, Axel Thimm wrote:
> > > Maybe if someone gives some detail on why the LDAP setup looked like
> > > too hacky we could find a better solution and use LDAP?
>
> > We were basically trying to use LDAP like a relational DB instead of a
> > directory, so we were trying to force our entire sponsorship system to
> > be totally contained in LDAP. Looking back at this, the best approach
> > with LDAP would probably have been a DB for sponsorship data, and LDAP
> > for holding approved user/group data. As I mentioned, I'd be interested
> > in exploring this approach a bit more in the future.
>
> With details I mean something more like what exact bits where not
> mapping naturally into some LDAP structure, existent or custom schema
> made.
>
Both ldap groups basically suggested to us to have 3 groups for each
'group'. SO if you have a sysadmin group we'd have 'sysadmin'
'sysadmin-sponsors' and 'sysadmin-admins'. Then we'd move people from
one group to another.
Then there was the concept of marking who sponsored who in that group. So
if Axel joined the sysadmin group and I sponsored him in that group, that
I be able to track that information. Those two requirements together make
ldap a poor solution in our use case.
-Mike
More information about the infrastructure
mailing list