George Stoianov wrote:
> (leaning towards an rdbms aren't you
> using BerkeleyDB??),
nope, because the BDB license prohibits it.
Really so what kind of files are the .db files in var??
They are JDBM files ...
http://jdbm.sourceforge.net/
Is the license
problem a problem in combination with the Apache license??
Yep it's too viral.
Berkeley DB
is dual licensed right?
Yep it is.
Or did Oracle change all of that?
No they kept the original licensing terms.
> but still as a person that has/is using databases
> for many other things I see some benefits to be had if you could
> enable at least the presentation of database data in response to ldap
> queries.
I see what you mean. You want a virtual directory. I think it is about
time we tried to build something like that here. You interested in
working on that here?
There is no way to do that, because LDAP is a protocol which enforces the
response structure...
Can you elaborate on this?? To me it seems that when I ask for Jane
Smith from the HR department from the Oxford office in the UK I can do
that same thing using SQL selecting the country table then the office
table with cities and then the people table and then Jane Smith. As
far as the response structure I think that is true for every protocol
and yet the end data storage for many of them is an rdbms. This is
where the middle program/ldap server provides the proper
representation of the response in my mind.
I think I understand what you want to do. You want to present a
specific RDBMS schema as a Directory Information Tree. You want to
adapt one access model to another essentially. This is what virtual
directories do.
Is this what you want to do?
> if I have a person that belongs to two different
> departments I would have to create two records for that person and
> all the common data would be duplicated in order to have that person
> access the different resources for the other department.
You could also use aliases, to avoid such a duplication. Basically, you
point to the unique entry by its path (DN)
I do not think so as an alias would point to the same entity, which
would not solve the problem of the same entity having different
attributes or attribute values, depending on the location in the node
structure.
Sounds like you want different views/perspectives of the same entry in
different places.
...
Yes X.500 is complex :) . Triplesec is not LDAP server right? I need
an ldap server as that is what the application using the groups and
people credentials uses natively.
Triplesec builds on top of ApacheDS so yes it is an LDAP server with
some customizations.
We also have two presentations done in ApacheCon EU last October :
http://people.apache.org/~ersiner/apachecon-us06/ac-us-06-FR20-ErsinEr-ApacheDS_Access_Control_Administration_The_X.500_Way.pdf
and
http://people.apache.org/~ersiner/apachecon-us06/
So with stored procedures I can store a Java object and have it called
with a standard ldap query and it can return whatever text value I
choose??? That seems like a really good way to do what I need the
security concerns are kind of troublesome but if you can isolate the
calls to just one secured process you may be OK doing it this way. Do
you have a step by step example of doing this?
Ersin's the man behind this great work. Perhaps he can chime in.
Regards,
Alex
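
The mapping discussed in this thread (relational tables presented as a Directory Information Tree, with one person visible under two departments), as an added example that is not part of the original message and is not ApacheDS or Triplesec code. The table and column names, the DN layout (cn, ou, l, c) and all rows are constructed assumptions.

```python
import sqlite3

# Constructed schema and rows; all table, column and attribute names are assumptions.
SCHEMA = """
CREATE TABLE office(id INTEGER PRIMARY KEY, country TEXT, city TEXT);
CREATE TABLE person(id INTEGER PRIMARY KEY, cn TEXT, mail TEXT);
CREATE TABLE membership(person_id INT, office_id INT, dept TEXT, title TEXT);
INSERT INTO office VALUES (1, 'UK', 'Oxford');
INSERT INTO person VALUES (1, 'Jane Smith', 'jane@example.org'),
                          (2, 'Smith, Bob', 'bob@example.org');
INSERT INTO membership VALUES (1, 1, 'HR', 'Recruiter'), (1, 1, 'Finance', 'Auditor'),
                              (2, 1, 'HR', 'Clerk');
"""

def make_conn():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def escape_rdn(value):
    """Escape a value for a DN string (RFC 4514) so row data cannot alter the DN structure."""
    out = []
    for i, c in enumerate(value):
        if c == "\0":
            out.append("\\00")
        elif c in ',+"\\<>;' or (i == 0 and c in "# ") or (i == len(value) - 1 and c == " "):
            out.append("\\" + c)
        else:
            out.append(c)
    return "".join(out)

def search(conn, base, cn):
    """Return virtual entries for person `cn` under `base`, a list of (attr, value) RDNs.

    Each membership row becomes one entry, so a person in two departments gets two
    DNs with department-specific attributes while the person row is stored once."""
    rows = conn.execute(
        "SELECT p.cn, p.mail, m.dept, m.title, o.city, o.country FROM person p "
        "JOIN membership m ON m.person_id = p.id JOIN office o ON o.id = m.office_id "
        "WHERE p.cn = ? ORDER BY m.dept", (cn,))  # bound parameter, never string-built SQL
    want = [(a.lower(), v.lower()) for a, v in base]
    entries = []
    for pcn, mail, dept, title, city, country in rows:
        rdns = [("cn", pcn), ("ou", dept), ("l", city), ("c", country)]
        suffix = [(a, v.lower()) for a, v in rdns[len(rdns) - len(want):]]
        if len(want) <= len(rdns) and suffix == want:
            dn = ",".join(f"{a}={escape_rdn(v)}" for a, v in rdns)
            entries.append({"dn": dn, "cn": pcn, "mail": mail, "title": title})
    return entries
```

The search base is compared RDN by RDN rather than as a string suffix, and values are escaped only when the DN is rendered, so a comma inside a stored name cannot shift an entry into a different subtree.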