directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <elecha...@gmail.com>
Subject Re: Database information back end
Date Tue, 21 Nov 2006 15:34:22 GMT
Hi Georges,

On 11/21/06, George Stoianov <gstoyanoff@gmail.com> wrote:
>
> Hi,
>
> I read a thread on the possibility of having a database back end for
> ADS and have tried to understand all the arguements pro and con and I
> think I am on cross roads regarding the philosophical and design
> aspects of the whole idea :)


Philosophcal? We are not that smart ! ;)

(leaning towards an rdbms aren't you
> using BerkleyDB??),


nope, because the BDB license prohibit it.

but still as a person that has/is using databases
> for many other things I see some benefits to be had if you could
> enable at least the presentation of database data in response to ldap
> queries.


There is no way to do that, because LDAP is a protocol which enforce the
response structure...


One major drawback of ldap compared to a relation storage architecture
> is that it is not relational in database terms it is more of a network
> type of database structure


Let's say it's pretty much more like a Hierarchical database. (as of 1970,
where you had Hierarchical, network and relationnal database - which was the
new commer )

where the information for each node of data
> is stored at the node level and the uniqueness is guaranteed by the
> path i.e.


Agreed.

if I have a person that belongs to two different
> departements I would have to create two records for that person and
> all the common data would be duplicated in order to have that person
> access the different resources for the other department.


You could also use aliases, to avoid such a duplication. Basically, you
point to the unique entry by its path (DN)


I know that
> if you could possibly put all the requirements down you could get a
> good enough structure to account for that but flexibility in the long
> term seems a lot harder to attain that with an rdbms engine,


Not necessarily. Basically, what you should consider is wether you would
benefit more from a hierarchical structure or from a relationnal one. Of
course, everything can be done with a RDBMS (and when you look at IBM
Directory Server, which is backed by a RDBMS - DB2
-, you can see that, yes, this is possible :), but sometime, a RDBMS is the
best choice (may be often ;)

although
> I like the trigger and view capabilities you are building they maybe
> the solution. I am completely new to ldap so please correct me if I am
> wrong.


I can't say you are wrong. You pointed out some of the elements that should
help you to make the best chocie :)

I am currently in the processes of helping with the implementaion of a
> solution that uses ldap for user credentials, those credentials are
> also used to form groups of people based on database records that
> experiences frequent updates and changes so I am looking for a
> flexible and quick in respect of updates/deletes solution and was
> really happy to find ADS as I thought that maybe/is the answer???


Ahha... Well, hum, what I can say is that ADS has a full fledged ACI
implementation, based on X500 specification, which is one of the most
complete(complex?) . So, I think that it can fill your needs. Just check
some doco :
 http://docs.safehaus.org/display/TRIPLESEC/Home (Has been voted to be a
part of Apache Directory Server one month ago)

We also have two presentations done in ApacheCon EU last october :
http://people.apache.org/~ersiner/apachecon-us06/ac-us-06-FR20-ErsinEr-ApacheDS_Access_Control_Administration_The_X.500_Way.pdf

and

http://people.apache.org/~ersiner/apachecon-us06/

So let me get to my question: Is there a place in the ADS API where I
> could plug in another representation of a storage structure which I
> then will inadvertantly tie to a rdbms back end.


yep, but this will need some work ...

What I need is the
> power and the standards compliance from ADS and the ability to serve
> my own data from a different source. Can you please point me in the
> right direction on this??


I hope I did. Are you in a urge, or do you have time ?

Thanks,
> George
>

You are welcome !

Emmanuel

-- 
Cordialement,
Emmanuel L├ęcharny

Mime
View raw message