www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@apache.org>
Subject Re: Centralised authentication/authorisation
Date Mon, 15 Dec 2008 11:43:24 GMT
Tony Stevenson wrote:
>
>
> Graham Leggett wrote:
>> Emmanuel Lécharny wrote:
>
> [SNIP ...]
>
>>
>> If we start with just the following, we could build up from there:
>>
>> objectClass: top
>> objectClass: person
>> objectClass: inetOrgPerson
>> objectClass: mailRecipient
>> objectClass: organizationalPerson
>>
>> Next step after that, add some ASF attributes where relevant:
>>
>> objectclass: asfPerson
>> objectclass: asfCommitter
>> objectclass: asfMember
>>
>> etc
>
> As I say, I want to prevent this from becoming the mother of all 
> databases.  So for now let's keep it simple. I am not sure if we want 
> to move .forward files into LDAP just yet, think of the number of 
> directory lookups when email committers@ for example.
The beauty of LDAP is that you can add some new attributes to our own 
AsfPerson ObjectClass (I will use OC and AT for respectively ObjectClass 
and AttributeType in the following mials, 'coz I'm lazzy ...) without 
having to change the existing entries, except if we add some new MUST AT.

So nothing forbid us to start simple, and little by little improve the 
AsfPerson OC.

I'm not very found of the multiple OC proposed by Graham (ie, 
AsfCommitter, AsfMember), but if needed, we can discuss this aspect (me 
not being found of does not mean I'm correct on that ...)

I suggest we start with what Graham needs atm.
>
>
> Cheeers,
> Tony
>
>
>
>
> -----------------------------------------
> Tony Stevenson
> tony@pc-tony.com  //  pctony@apache.org
> http://www.pc-tony.com/
>
> 1024D/51047D66 ECAF DC55 C608 5E82 0B5E  3359 C9C7 924E 5104 7D66
> -----------------------------------------
>


-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org



Mime
View raw message