I agree with Kristian that LDAP and SQL are very different beasts.  Having
lived with both, I tend to work on the basis that LDAP can be a fast and
lightweight engine for high load read access and that talking to it
through an SQL layer could have performance implications.

On the other hand, using DBD::LDAP would have the advantage of taking the
handling of details of the LDAP connection and query parameters away from
SA.  I ended up with 7 SA configuration file parameters in my code for
LDAP-whitelisting (ok, I could have nailed some of them together) and
even with those I only cater for a subset of the LDAP authentication
schemes, etc, supported by Net::LDAP.  But having said that, it looks
from the DBD::LDAP documentation as if it's restricted in that way too
(e.g. I see no sign it supports SSL server certificates, whereas my code
for SA directly using Net::LDAP does).

On balance, I'd vote for handling LDAP explicitly.  I guess the question
is whether there's enough demand to justify the development/maintenance.


This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
Spamassassin-talk mailing list

Reply via email to