On 11/21/06, Alex Karasulu <[EMAIL PROTECTED]> wrote:
George Stoianov wrote:
>> > (leaning towards an rdbms aren't you
>> > using BerkleyDB??),
>>
>> nope, because the BDB license prohibit it.
>
> Really so what kind of files are the .db files in var??
They are JDBM files ...
http://jdbm.sourceforge.net/
I see with the B-Tree instead of the H-Tree as I learned from the web site.
Is the license
> problem a problem in combination with the Apache license??
Yep it's too viral.
Berkley DB
> is dual licensed right?
Yep it is.
Or did Oracle change all of that?
No they kept the original licensing terms.
>> > but still as a person that has/is using databases
>> > for many other things I see some benefits to be had if you could
>> > enable at least the presentation of database data in response to ldap
>> > queries.
I see what you mean. You want a virtual directory.
I guess, I have no clue what virtual directories are. Are they a way
to present an LDAP tree from a non-native datasource be it an rdbms, a
file or another ldap server???
Is this is any indication
http://developers.slashdot.org/article.pl?sid=05/06/06/1036204&from=rss
then that is what I am looking for/need.
I think it is about
time we tried to build something like that here. You interested in
working on that here?
Am I interested - yes. I do not know what is involved though nor how
you guys operate my availability is not very good but assume almost
everyone else will have a day job as well...
>> There is no way to do that, because LDAP is a protocol which enforce the
>> response structure...
>
> Can you eloborate on this?? To me it seems that when I ask for Jane
> Smith from the HR department from the Oxford office in the UK I can do
> that same thing using sql selecting the country table than the office
> table with cities and then the people table and then Jane Smith. As
> far as the response structure I think that is true for every protocol
> and yet the end data storage for many of them is an rdbms. This is
> where the middle program/ldap server provides the proper
> representation of the response in my mind.
I think I understand what you want to do. You want to present a
specific RDBMS schema as a Directory Information Tree. You want to
adapt one access model to another essentially. This is what virtual
directories do.
Is this what you want to do?
Precisely I am not looking to force a specific structure that may be
slow/inefficient or inappropriate but just add the capability to plug
in another schema/directory tree as an information provider. I am
looking for modularity that makes code and software reuse easier and
also adds some capabilities that will be benefitial to a particular
group or scenario like mine :).
>> > if I have a person that belongs to two different
>> > departements I would have to create two records for that person and
>> > all the common data would be duplicated in order to have that person
>> > access the different resources for the other department.
>>
>> You could also use aliases, to avoid such a duplication. Basically, you
>> point to the unique entry by its path (DN)
>
> I do not think so as an alias would point to the same entity, which
> would not solve the problem of the same entity having different
> attributes or attribute values, depending on the location in the node
> structure.
Sounds like you want different views/perspectives of the same entry in
different places.
...
Yes
> Yes X.500 is complex :) . Triplesec is not LDAP server right? I need
> an ldap server as that is what the application using the groups and
> people credentials uses natively.
Triplesec builds on top of ApacheDS so yes it is an LDAP server with
some customizations.
>> We also have two presentations done in ApacheCon EU last october :
>>
http://people.apache.org/~ersiner/apachecon-us06/ac-us-06-FR20-ErsinEr-ApacheDS_Access_Control_Administration_The_X.500_Way.pdf
>>
>>
>> and
>>
>> http://people.apache.org/~ersiner/apachecon-us06/
>
> So with stored procedures I can store a Java object and have it called
> with a standar ldap query and it can return whatever text value I
> choose??? That seems like a really good way to do what I need the
> security concerns are kind of troublesome but if you can isolate the
> calls to just one secured process you maybe OK doing it this way. Do
> you have a step by step example of doing this?
Ersin's the man behind this great work. Perhaps he can chime in.
I see you are discussing documentation now ... I do not known if I am
a correct representative of the groups most interested in open source
projects but one think find difficult looking at a project at first is
the lack or incomplete documentation the mailing list is usually the
best place to learn things :) and I am perfectly OK with that. Here is
a link I found to a book on X.500 on the web that may help with the
documentation: http://sec.cs.kent.ac.uk/x500book/ I am not sure but I
think linking to it may have to be cleared with the author.
Thanks for your help, I am still learning about LDAP and ADS.
George
Regards,
Alex
