directory-dev mailing list archives

From "Ersin Er" <ersin...@gmail.com>
Subject Re: Database information back end
Date Wed, 22 Nov 2006 20:13:06 GMT
On 11/22/06, George Stoianov <gstoyanoff@gmail.com> wrote:
> On 11/21/06, Alex Karasulu <aok123@bellsouth.net> wrote:
> > George Stoianov wrote:
> > >> > (leaning towards an rdbms aren't you
> > >> > using BerkeleyDB??),
> > >>
> > >> nope, because the BDB license prohibit it.
> > >
> > > Really so what kind of files are the .db files in var??
> >
> > They are JDBM files ...
> >
> >    http://jdbm.sourceforge.net/
>
> I see with the B-Tree instead of the H-Tree as I learned from the web site.
>
> >
> > Is the license
> > > problem a problem in combination with the Apache license??
> >
> > Yep it's too viral.
> >
> > Berkeley DB
> > > is dual licensed right?
> >
> > Yep it is.
> >
> > Or did Oracle change all of that?
> >
> > No they kept the original licensing terms.
> >
> > >> > but still as a person that has/is using databases
> > >> > for many other things I see some benefits to be had if you could
> > >> > enable at least the presentation of database data in response to ldap
> > >> > queries.
> >
> > I see what you mean.  You want a virtual directory.
>
> I guess, I have no clue what virtual directories are. Are they a way
> to present an LDAP tree from a non-native datasource be it an rdbms, a
> file or another ldap server???
> If this is any indication
> http://developers.slashdot.org/article.pl?sid=05/06/06/1036204&from=rss
> then that is what I am looking for/need.
>
> >I think it is about
> > time we tried to build something like that here.  You interested in
> > working on that here?
>
> Am I interested - yes. I do not know what is involved though nor how
> you guys operate my availability is not very good but assume almost
> everyone else will have a day job as well...
>
> >
> > >>  There is no way to do that, because LDAP is a protocol which enforce the
> > >> response structure...
> > >
> > > Can you elaborate on this?? To me it seems that when I ask for Jane
> > > Smith from the HR department from the Oxford office in the UK I can do
> > > that same thing using sql selecting the country table then the office
> > > table with cities and then the people table and then Jane Smith. As
> > > far as the response structure I think that is true for every protocol
> > > and yet the end data storage for many of them is an rdbms. This is
> > > where the middle program/ldap server provides the proper
> > > representation of the response in my mind.
> >
> > I think I understand what you want to do.  You want to present a
> > specific RDBMS schema as a Directory Information Tree.  You want to
> > adapt one access model to another essentially.  This is what virtual
> > directories do.
> >
> > Is this what you want to do?
>
> Precisely I am not looking to force a specific structure that may be
> slow/inefficient or inappropriate but just add the capability to plug
> in another schema/directory tree as an information provider. I am
> looking for modularity that makes code and software reuse easier and
> also adds some capabilities that will be beneficial to a particular
> group or scenario like mine :).
>
> >
> > >> > if I have a person that belongs to two different
> > >> > departements I would have to create two records for that person and
> > >> > all the common data would be duplicated in order to have that person
> > >> > access the different resources for the other department.
> > >>
> > >> You could also use aliases, to avoid such a duplication. Basically, you
> > >> point to the unique entry by its path (DN)
> > >
> > > I do not think so as an alias would point to the same entity, which
> > > would not solve the problem of the same entity having different
> > > attributes or attribute values, depending on the location in the node
> > > structure.
> >
> > Sounds like you want different views/perspectives of the same entry in
> > different places.
> >
> > ...
>
> Yes
>
> >
> > > Yes X.500 is complex :) . Triplesec is not LDAP server right? I need
> > > an ldap server as that is what the application using the groups and
> > > people credentials uses natively.
> >
> > Triplesec builds on top of ApacheDS so yes it is an LDAP server with
> > some customizations.
> >
> > >> We also have two presentations done in ApacheCon EU last October :
> > >> http://people.apache.org/~ersiner/apachecon-us06/ac-us-06-FR20-ErsinEr-ApacheDS_Access_Control_Administration_The_X.500_Way.pdf
> > >>
> > >>
> > >> and
> > >>
> > >> http://people.apache.org/~ersiner/apachecon-us06/
> > >
> > > So with stored procedures I can store a Java object and have it called
> > > with a standard ldap query and it can return whatever text value I
> > > choose??? That seems like a really good way to do what I need the
> > > security concerns are kind of troublesome but if you can isolate the
> > > calls to just one secured process you may be OK doing it this way. Do
> > > you have a step by step example of doing this?
> >
> > Ersin's the man behind this great work.  Perhaps he can chime in.

LDAP Stored Procedures, as we have designed and implemented, are just
Java bytecode stored in the DIT and loaded via a special LDAP class
loader and run inside the server. An LDAP stored procedure can be
executed by in-server means or by an LDAP extended operation (which is
defined) invoked by an external client. LDAP stored procedures mainly
serve for LDAP Triggers but they can be used for various purposes
like server administration, dynamic schema etc.

Currently, the best resource for LDAP SP and Triggers is:

http://people.apache.org/~ersiner/apachecon-us06/ac-us-06-FR14-ErsinEr-Stored_Procedures_and_Triggers_Arrive_in_ApacheDS.pdf
(and http://people.apache.org/~ersiner/apachecon-us06/FR14.README)

> I see you are discussing documentation now ... I do not know if I am
> a correct representative of the groups most interested in open source
> projects but one thing I find difficult looking at a project at first is
> the lack or incomplete documentation the mailing list is usually the
> best place to learn things :) and I am perfectly OK with that. Here is
> a link I found to a book on X.500 on the web that may help with the
> documentation: http://sec.cs.kent.ac.uk/x500book/ I am not sure but I
> think linking to it may have to be cleared with the author.

I think we have mastered most of it.. :-) BTW, it is an excellent book.

> Thanks for your help, I am still learning about LDAP and ADS.

We are glad to help you and also we learn about user experiences/needs.

> George
>
> >
> > Regards,
> > Alex
> >
> >
>


-- 
Ersin
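
The mapping discussed in this thread (an RDBMS schema presented as a Directory Information Tree), sketched as an added example that is not part of the original message and is not ApacheDS code. The tables, the cn/ou/l/c DN layout and all function names are assumptions and the rows are constructed; one person row joined through a membership table appears as two entries with different attribute values, and DN values reach SQL only as bound parameters.

```python
import sqlite3

# Constructed sample schema and rows; a person is stored once, memberships vary.
SCHEMA = """
CREATE TABLE country(id INTEGER PRIMARY KEY, code TEXT);
CREATE TABLE office(id INTEGER PRIMARY KEY, country_id INTEGER, city TEXT);
CREATE TABLE dept(id INTEGER PRIMARY KEY, office_id INTEGER, name TEXT);
CREATE TABLE person(id INTEGER PRIMARY KEY, cn TEXT, mail TEXT);
CREATE TABLE membership(person_id INTEGER, dept_id INTEGER, title TEXT);
INSERT INTO country VALUES (1,'UK');
INSERT INTO office VALUES (1,1,'Oxford');
INSERT INTO dept VALUES (1,1,'HR'),(2,1,'IT');
INSERT INTO person VALUES (1,'Jane Smith','jane@example.org');
INSERT INTO membership VALUES (1,1,'Recruiter'),(1,2,'Auditor');
"""
# Fixed allow-list: RDN attribute type -> column. Column names never come from input.
COLUMNS = {"c": "country.code", "l": "office.city", "ou": "dept.name", "cn": "person.cn"}

def parse_dn(dn):
    """Split a simple DN into {type: value}; escaped commas are not handled."""
    rdns = {}
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        attr = attr.lower()
        if not sep or attr not in COLUMNS or attr in rdns:
            raise ValueError("unsupported RDN: %r" % rdn)
        rdns[attr] = value
    return rdns

def search(conn, base_dn):
    """Return (dn, attributes) for every person entry at or under base_dn."""
    rdns = parse_dn(base_dn)
    where = " AND ".join(COLUMNS[a] + " = ?" for a in rdns)
    sql = ("SELECT person.cn, dept.name, office.city, country.code, "
           "person.mail, membership.title "
           "FROM person JOIN membership ON membership.person_id = person.id "
           "JOIN dept ON dept.id = membership.dept_id "
           "JOIN office ON office.id = dept.office_id "
           "JOIN country ON country.id = office.country_id WHERE " + where + " ORDER BY dept.name")
    rows = conn.execute(sql, list(rdns.values())).fetchall()  # values are bound, not spliced
    return [("cn=%s,ou=%s,l=%s,c=%s" % (cn, ou, l, c), {"mail": mail, "title": title})
            for cn, ou, l, c, mail, title in rows]

def demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn
```
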
