FYI to others I reviewed Zisis work when he implemented subtree search into auth_ldap. https://bugs.launchpad.net/drizzle/+bug/932837 I also brainstormed the below a little bit.
As far as I'm concerned it makes sense to propose this. You are clearly knowledgeable about LDAP and already worked with similar part of the Drizzle code too. Also creating a ldap_policy plugin would nicely complement auth_ldap, so it makes sense. Since you are proposing your own idea we don't know who would mentor it, so you probably won't get much commentary at this point. I think you should just submit the GSoC application and put the below text into a new blueprint. (There will be a mentor if/when this is accepted, we just don't know who yet.) henrik On Sun, Apr 1, 2012 at 1:53 PM, Zisis Sialveras <zisi...@gmail.com> wrote: > Hello folks. > > I am an undergraduate student of Electrical & Computer Engineering and i > want to participate in Google's Summer of Code this year. > I am a little familiar with drizzle ( I have done a low-hanging-fruit ) and > I decide to purpose a project that is not on Drizzle's GSOC projects list. > > I want to implement LDAP policy plugin, which i am going to describe right > now. > Each Drizzle's schema (and each table under the schema) will have a record > in LDAP, and they will have attributes like posixUsers/posixGroups etc. > Each user will belong to a group and he will have attributes like > posixUsers/posixGroups too. > When user "foo" want to use a Drizzle's schema "bar", drizzle's > authorization API will call policy plugin and the policy plugin after > querying in LDAP databases it will decide if the "foo" is allowed or denied > access in "bar". > Also, i am considering to add a cache in the policy plugin. Each schema > (or/and table) should know which users had access on them recently. > > I am really hoping for reviews (if the idea sounds interesting) and more > ideas to improve it even more. > > Warmly > Zisis > > > _______________________________________________ > Mailing list: https://launchpad.net/~drizzle-discuss > Post to : drizzle-discuss@lists.launchpad.net > Unsubscribe : https://launchpad.net/~drizzle-discuss > More help : https://help.launchpad.net/ListHelp -- henrik.i...@avoinelama.fi +358-40-8211286 skype: henrik.ingo irc: hingo www.openlife.cc My LinkedIn profile: http://www.linkedin.com/profile/view?id=9522559 _______________________________________________ Mailing list: https://launchpad.net/~drizzle-discuss Post to : drizzle-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~drizzle-discuss More help : https://help.launchpad.net/ListHelp
