directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject Re: LDAP Proxy backend
Date Mon, 25 Apr 2005 17:01:27 GMT
Marc Boorshtein wrote:

>I'll see if i can put something basic together, though
>i can't make any promises as to when :-).
That's the story of OSS sure :).

>As for the other things, I think the plugin model you
>are using is great!  As I understand it it's very
>close to servlet filters, correct?  
Ahh ok you mean the interceptor mechanism.  Yes it is very close to 
servlet filters in its design. 

>As for stored procedures and triggers, I think they
>are interesting, but unnessisary in a directory
>product with a servlet-filter like system.  
Hmm I disagree here a bit.  The servlet-filter system is really 
something for facilities.  At the present moment new filters are not hot 
deployable.  It would be easy to make them be thought.  However I don't 
expect users of the directory to create Interceptors when they want to 
respond to an event or trigger a change based on an operation (nice for 
controls btw).  So we would like to have a distinct DDL grammar like in 
SQL for creating triggers.

Stored procedures also need to exist in a multiuser environment.  There 
is no reason why these constructs should only be specific to the world 
of the relational database.

>the plugins allways stand in the way of information
>being written/changed and you can allways "trigger" an
>event off of that.
True but again we cannot expect users to do this if they want to respond 
to an LDAP operation.  Think of what a nightmare this would have been in 
the RDBMS world.  Think of users having to add an Interceptor to be able 
to add a before trigger on a table on insert.  That would drive users 
away IMHO.  A DDL is needed.  The DDL is stored in the system backend 
under a trigger management system which happens to have an Interceptor 
within the chain.  That would be a much simpler solution for the user.

>As for views, thats what virtual directory is all
>about :-).  
That's the whole point to a view however you are formalizing the 
specification of the unit of virtualization.  There is no way to specify 
this today so a DDL is needed.  There are all sorts of ways to create 
views.  It would be nice to give the user the ability to instantly 
create these views through the DDL.  Keep in mind, not all 
virtualization involves data that is external to the directory.  You may 
have to merge data from multiple backends that might be store data 
locally within the DSA.  Views allow us to do this in a standard manner 
and will be very similar to SQL views.  Combined with stored procedures 
this is a very powerful facility for virtualization.

Today the use of a backend to implement a VD is a bastardization because 
there is no specification.  The space is new and people have just solved 
the problem quickly to meet a demand.  We need standards basically.  If 
backends (partitions in ApacheDS terms) are plugable then views (again 
their DDL) are the primary construct for virtualization.


>What I think would be REALLY interesting (at least
>from a developer's perspective) is a way to simplify
>the interaction with the directory from inside of a
>plugin.     It's very common for IT departments to
>invest in specialized libraries for simplifying LDAP
>access.  There are also more then a couple of
>SQL<->LDAP translation systems, in both Java and ADO. 
>It's not something i've put a lot of thought into from
>inside of a directory, but i would definitly think it
>would help decrease the barier of entry for apacheds.
I think people have tried to compare LDAP and SQL to ease the learning 
curve as you say.  However LDAP knowledge is spreading fast thanks to M$ 
and AD spreading across IT shops.  LDAP is no longer this wierd data 
access mechanism anymore that only a select few understand.  I don't 
think its worth the time to do this but if its of interest to you then 
by all means feel free to pursue it.

In general, I would like to work on some draft specifications so we can 
standardize some things within the VD space.  I think views along with a 
DDL for them is an excellent way for us to do this.


View raw message