> > Sure they do; we've had an LDAP "business directory" (whatever that
> > means) for years and years. And I've yet to have to do a subtree rename
> > - because we don't use hierarchy when hierarchy provides no benefit and
> > you can accomplish the same thing with filters.
> Thanks for sharing experience!
> Can I know if there is a reason to use any kind of hierarchy structure
> at all? Well I already know one, ease of replication (certain subtree
> can be on a different server), is there any other?

When it facilitates replication, access control, or partitioning. Which
have already been listed.

> If there is no good reason or situation where we should prefer hierarchy
> structure, I got a good lesson to learn this time. I was a bit "misled"
> because I read no less than 5 reference implementations (googled from
> online, some are university implementations for student records etc.)
> before starting ours and they all use hierarchy structure. Maybe that's
> because they considered this first, that a university is unlikely to
> rename, but they probably also have other reasons to prefer hierarchy
> structure.

In the case of a University I can see separating staff from students
since you might need to replicate student information to a different
server, they might be partitioned, and they certainly have different
access controls.

> > > In this case people might also suggest we should start from a relational
> > > database but 1) our data is truly mostly read: ratio of read and write
> > > is close to 1000/1 and I think this qualifies for the LDAP definition;
> > > 2) our data should be used by a lot of difficult situations (scripts to
> > > generate report lists, web application, client PIM software, variable
> > > data publication etc.) and using a standard interface like LDAP can
> > > greatly help ease the implementations.
> > I don't see the point or what you mean by #2 at all. SQL isn't a
> > standard?
> I just need to explain my situation (scripts to generate report lists,
> web application, client PIM software, variable data publication etc.) to
> a much more detailed example so you get me. SQL is standard, it is
> standard to this extent:
>    I. if we use SQL, after the web application is done, the next task is
>       to design a plug-in for Outlook so that they can access the
>       business directory, for the plug-in to work I need to dig into
>       MS Office SDK and learn XML-RPC and provide something on the
>       server end to handle the XML-RPC and convert to SQL statements to
>       sort out the result.

Have you actually tested - in real life - using LDAP from Outlook? Don't
assume that "supports LDAP" means everything will just work. You may very
well discover that the data you need doesn't appear. And you do know that
LDAP in Outlook is *read only*? Users cannot modify anything.

>   II. After this is done, the next task is to design a plugin that works
>       with Lotus Notes.

If you have Lotus Notes why don't you just use Lotus Notes? It sounds in
part like what you want is a groupware server - LDAP makes a genuinely
crappy groupware / collaboration solution.

>  III. And after that, for variable data publication to work, a plugin
>       for publication design software is needed to fetch data from a
>       server (probably can handle XML-RPC) which in turn runs SQL
>       statements. Next task is to consider security issues of all
>       these plug-ins.

It isn't that hard to provide LDAP access to an SQL database if you have
some proprietary package ("publication design software"?) that can
already use LDAP. I'm pretty certain Exchange and Lotus Notes already
provide LDAP access to data.

>   IV. Other small cases: e.g. someone needs a report that is made up
>       of the list of 30 most recently updated records. For security
>       reasons I don't open SQL access directly to this person who I
>       don't know before, so I have to write a script on the SQL server
>       that gives him the raw data needed for the report. (in case of
>       LDAP, he can connect to the LDAP server with any tool he likes to
>       use, and he doesn't even need to call me to let me know he is
>       working on a report because he can use the same identity to login
>       as he logs in with Outlook)

You need to try using a modern SQL RDBMS; access can be granted /
restricted with nearly as much granularity as in LDAP.

I think your idea is good in theory but how do you intend to query for
the "list of 30 most recently updated records"? The available LDAP tools
["with any tool he like to use"] are mostly quite primitive and certainly
not in the least end-user friendly.
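
The reporting case from item IV, done with database privileges instead of a hand-written export script. This is an added example, not part of the original message. It assumes PostgreSQL 11 or later, and the table, view, column and role names are hypothetical.

```sql
-- Constructed schema for illustration; every name here is hypothetical.
CREATE TABLE directory_entry (
    entry_id     bigserial PRIMARY KEY,
    display_name text NOT NULL,
    mail         text,
    department   text,
    home_address text,   -- sensitive: must not reach the report writer
    updated_at   timestamptz NOT NULL DEFAULT now()
);

-- Maintain updated_at in the database so "most recently updated" does not
-- depend on every client remembering to set it.
CREATE FUNCTION touch_updated_at() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    NEW.updated_at := now();
    RETURN NEW;
END;
$$;

CREATE TRIGGER directory_entry_touch
    BEFORE UPDATE ON directory_entry
    FOR EACH ROW EXECUTE FUNCTION touch_updated_at();

-- The view exposes only the columns the report needs and only the 30 most
-- recently updated rows. A PostgreSQL view is checked against its owner's
-- privileges by default, so readers need no rights on the base table.
CREATE VIEW recent_directory_updates AS
    SELECT entry_id, display_name, mail, department, updated_at
    FROM directory_entry
    ORDER BY updated_at DESC
    LIMIT 30;

-- Least privilege: the reporting role can read the view and nothing else.
CREATE ROLE report_reader NOLOGIN;
REVOKE ALL ON directory_entry FROM PUBLIC;
GRANT SELECT ON recent_directory_updates TO report_reader;

-- Check the boundary from an administrative session.
SET ROLE report_reader;
SELECT count(*) FROM recent_directory_updates;   -- allowed
-- SELECT home_address FROM directory_entry;     -- fails: permission denied
RESET ROLE;
```

Individual login accounts are then granted membership in `report_reader`, so report access can be given or withdrawn per person without touching the table or the view.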