www-infrastructure-dev mailing list archives

From Graham Leggett <minf...@sharp.fm>
Subject Re: Centralised authentication/authorisation
Date Mon, 15 Dec 2008 11:44:35 GMT
Tony Stevenson wrote:

> As I say, I want to prevent this from becoming the mother of all 
> databases.  So for now let's keep it simple. I am not sure if we want to 
> move .forward files into LDAP just yet, think of the number of directory 
> lookups when emailing committers@ for example.

Let's not get ahead of ourselves - the objectclasses list a large number 
of optional attributes, and they are all just that: optional.

The objectclasses listed above exist and are widely supported out there. 
We must definitely avoid reinventing the wheel if we can possibly 
avoid it.

LDAP databases are designed to hold millions of users in them, handling 
the equivalent of .forward files is very unlikely to cause a typical 
LDAP server to break a sweat. We can worry about this sort of thing 
later, what we should focus on at this point is to ensure we don't need 
to refactor our data down the line.

Here is a simple example entry that I use in production, with email:

dn: mail=foo@bar,ou=People,ou=Foo,o=Bar,c=UK
givenName: Foo
sn: Bar
mailAlternateAddress: treasurer@bar
mail: foo@bar
mailForwardingAddress: foo@baz
uid: foo
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: mailRecipient
objectClass: organizationalPerson
mailHost: mailserver.domain.com
mailDeliveryOption: mailbox
cn: Foo Bar

And without:

dn: mail=foo@example.com,ou=People,ou=Foo,o=Bar,c=UK
givenName: Foo
sn: Bar
mail: foo@example.com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
cn: Foo Bar
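
The .forward-style lookup discussed in the message, as an added example that is not part of the original message or of any project code. The entries are constructed, trimmed copies of the two above; the function names, the search filter, and the rule that an address matches `mail` or `mailAlternateAddress` on `mailRecipient` entries are assumptions made for illustration.

```python
# Added example: constructed entries modelled on the two in the message.
LDIF = """\
dn: mail=foo@bar,ou=People,ou=Foo,o=Bar,c=UK
mail: foo@bar
mailAlternateAddress: treasurer@bar
mailForwardingAddress: foo@baz
mailDeliveryOption: mailbox
objectClass: inetOrgPerson
objectClass: mailRecipient

dn: mail=foo@example.com,ou=People,ou=Foo,o=Bar,c=UK
mail: foo@example.com
objectClass: inetOrgPerson
"""

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF records (no base64 or folded lines)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def escape_filter_value(value):
    """RFC 4515 escaping, so an address cannot alter the search filter."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)

def recipient_filter(address):
    """Filter a mail server could send: one search per recipient address (assumed form)."""
    v = escape_filter_value(address)
    return f"(&(objectClass=mailRecipient)(|(mail={v})(mailAlternateAddress={v})))"

def resolve(entries, address):
    """In-memory equivalent of that search; returns forwarding targets or None."""
    addr = address.lower()
    for e in entries:
        if "mailrecipient" not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        known = e.get("mail", []) + e.get("mailalternateaddress", [])
        if addr in [k.lower() for k in known]:
            return e.get("mailforwardingaddress", [])
    return None
```

How a mail server combines `mailForwardingAddress` with `mailDeliveryOption` depends on its own configuration and is not modelled here.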

