directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <aok...@bellsouth.net>
Subject Re: Database information back end
Date Wed, 22 Nov 2006 03:00:32 GMT
George Stoianov wrote:
>> > (leaning towards an rdbms aren't you
>> > using BerkleyDB??),
>>
>> nope, because the BDB license prohibit it.
> 
> Really so what kind of files are the .db files in var?? 

They are JDBM files ...

   http://jdbm.sourceforge.net/

Is the license
> problem a problem in combination with the Apache license?? 

Yep it's too viral.

Berkley DB
> is dual licensed right? 

Yep it is.

Or did Oracle change all of that?

No they kept the original licensing terms.

>> > but still as a person that has/is using databases
>> > for many other things I see some benefits to be had if you could
>> > enable at least the presentation of database data in response to ldap
>> > queries.

I see what you mean.  You want a virtual directory.  I think it is about 
time we tried to build something like that here.  You interested in 
working on that here?

>>  There is no way to do that, because LDAP is a protocol which enforce the
>> response structure...
> 
> Can you eloborate on this?? To me it seems that when I ask for Jane
> Smith from the HR department from the Oxford office in the UK I can do
> that same thing using sql selecting the country table than the office
> table with cities and then the people table and then Jane Smith. As
> far as the response structure I think that is true for every protocol
> and yet the end data storage for many of them is an rdbms. This is
> where the middle program/ldap server provides the proper
> representation of the response in my mind.

I think I understand what you want to do.  You want to present a 
specific RDBMS schema as a Directory Information Tree.  You want to 
adapt one access model to another essentially.  This is what virtual 
directories do.

Is this what you want to do?

>> > if I have a person that belongs to two different
>> > departements I would have to create two records for that person and
>> > all the common data would be duplicated in order to have that person
>> > access the different resources for the other department.
>>
>> You could also use aliases, to avoid such a duplication. Basically, you
>> point to the unique entry by its path (DN)
> 
> I do not think so as an alias would point to the same entity, which
> would not solve the problem of the same entity having different
> attributes or attribute values, depending on the location in the node
> structure.

Sounds like you want different views/perspectives of the same entry in 
different places.

...

> Yes X.500 is complex :) . Triplesec is not LDAP server right? I need
> an ldap server as that is what the application using the groups and
> people credentials uses natively.

Triplesec builds on top of ApacheDS so yes it is an LDAP server with 
some customizations.

>> We also have two presentations done in ApacheCon EU last october :
>> http://people.apache.org/~ersiner/apachecon-us06/ac-us-06-FR20-ErsinEr-ApacheDS_Access_Control_Administration_The_X.500_Way.pdf

>>
>>
>> and
>>
>> http://people.apache.org/~ersiner/apachecon-us06/
> 
> So with stored procedures I can store a Java object and have it called
> with a standar ldap query and it can return whatever text value I
> choose??? That seems like a really good way to do what I need the
> security concerns are kind of troublesome but if you can isolate the
> calls to just one secured process you maybe OK doing it this way. Do
> you have a step by step example of doing this?

Ersin's the man behind this great work.  Perhaps he can chime in.

Regards,
Alex


Mime
View raw message