On 12.07.2013 13:54, 刘新星 wrote: > Thank you for your suggestions! > > mod_ldap for performance improvement is a further consideration. > > Actually I want to add ldap support for mod_authz_svn most. > As far as I can see, when we need ldap authentication, we would take > these combination 'apache + subversioin'. > Is it a good idea to move ldap.c from libsvn_subr to mod_authz_svn ?
First of all, there should be no ldap.c in Subversion. If you want to use LDAP, use the apr-util LDAP API. See: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/include/apr_ldap.h.in?view=markup >From the above it follows that libsvn_subr is not the right place to put LDAP support. That can be, at best, a server feature, so you're basiclly looking at adding it to svnserve and nowhere else, using the LDAP support provided by apr-util. I am strongly against the idea of adding LDAP support to mod_authz_svn. There is already a mod_ldap, it doesn't make sense to duplicate functionality. If mod_ldap has performance problems -- well then, that's the place to solve them. It's open source after all. Adding /group/ support to mod_authz_svn is completely orthogonal to LDAP. Let's not mix the two issues. And frankly, I'd rather spend time adding proper group- and role-based authorization to the repository than heaping more stuff onto the current config-file-based authz layer. -- Brane -- Branko Čibej | Director of Subversion WANdisco // Non-Stop Data e. br...@wandisco.com
