Hello all, This is my first post here, please let me know if I'm in the scope of the list with my questions.
I'm a developer who want to use an LDAP directory to authenticate his users. My tool has an interface to deal with Subversion (the version control tool) administration. - Subversion, via Apache, uses LDAP to authenticate users. - My tool uses LDAP to authenticate users too. - Subversion also provide a way to restrict access to some parts of the repository via a configuration file where you can tell who can access what. - This file is quite simple, it allows to define group of users (@members = john doe, foo, bar) but cannot use LDAP group definition. - My tool allows to define group of users (not yet in an LDAP group). - My users wants to re-use the user group defined in the application in the subversion access file. So, as far as I understand, I have to dump LDAP user info (their uid) into the access file (correct me if I'm wrong). But I have ~6000 users so the dump process is quite long. I made a first/basic implementation that get the user list from my database (a relational DB) and for each user, retrieve the corresponding uid (I only store the ldap id in my DB). It takes 5-10 minutes to complete. I made a second implementation that query several users per ldap search: (|(eduid=ed001)(eduid=ed002)...). It's more efficient (3mn to dump the base) but I'm not sure it's a good way to do it. I'm not find of this approach because the dump is counter productive: it loads the LDAP server, the info are not updated in real time, I need to dump the base on regular basis, it takes to much time, etc. Now, my questions: - Is their another way to achieve what I want without dump ? - If dump is mandatory, is their a more efficient way to do it ? -- Manuel --- You are currently subscribed to [email protected] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
