directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "George Stoianov" <>
Subject Re: Database information back end
Date Wed, 22 Nov 2006 17:32:49 GMT
On 11/21/06, Alex Karasulu <> wrote:
> George Stoianov wrote:
> >> > (leaning towards an rdbms aren't you
> >> > using BerkleyDB??),
> >>
> >> nope, because the BDB license prohibit it.
> >
> > Really so what kind of files are the .db files in var??
> They are JDBM files ...

I see with the B-Tree instead of the H-Tree as I learned from the web site.

> Is the license
> > problem a problem in combination with the Apache license??
> Yep it's too viral.
> Berkley DB
> > is dual licensed right?
> Yep it is.
> Or did Oracle change all of that?
> No they kept the original licensing terms.
> >> > but still as a person that has/is using databases
> >> > for many other things I see some benefits to be had if you could
> >> > enable at least the presentation of database data in response to ldap
> >> > queries.
> I see what you mean.  You want a virtual directory.

I guess, I have no clue what virtual directories are. Are they a way
to present an LDAP tree from a non-native datasource be it an rdbms, a
file or another ldap server???
Is this is any indication
then that is what I am looking for/need.

>I think it is about
> time we tried to build something like that here.  You interested in
> working on that here?

Am I interested - yes. I do not know what is involved though nor how
you guys operate my availability is not very good but assume almost
everyone else will have a day job as well...

> >>  There is no way to do that, because LDAP is a protocol which enforce the
> >> response structure...
> >
> > Can you eloborate on this?? To me it seems that when I ask for Jane
> > Smith from the HR department from the Oxford office in the UK I can do
> > that same thing using sql selecting the country table than the office
> > table with cities and then the people table and then Jane Smith. As
> > far as the response structure I think that is true for every protocol
> > and yet the end data storage for many of them is an rdbms. This is
> > where the middle program/ldap server provides the proper
> > representation of the response in my mind.
> I think I understand what you want to do.  You want to present a
> specific RDBMS schema as a Directory Information Tree.  You want to
> adapt one access model to another essentially.  This is what virtual
> directories do.
> Is this what you want to do?

Precisely I am not looking to force a specific structure that may be
slow/inefficient or inappropriate but just add the capability to plug
in another schema/directory tree as an information provider. I am
looking for modularity that makes code and software reuse easier and
also adds some capabilities that will be benefitial to a particular
group or scenario like mine :).

> >> > if I have a person that belongs to two different
> >> > departements I would have to create two records for that person and
> >> > all the common data would be duplicated in order to have that person
> >> > access the different resources for the other department.
> >>
> >> You could also use aliases, to avoid such a duplication. Basically, you
> >> point to the unique entry by its path (DN)
> >
> > I do not think so as an alias would point to the same entity, which
> > would not solve the problem of the same entity having different
> > attributes or attribute values, depending on the location in the node
> > structure.
> Sounds like you want different views/perspectives of the same entry in
> different places.
> ...


> > Yes X.500 is complex :) . Triplesec is not LDAP server right? I need
> > an ldap server as that is what the application using the groups and
> > people credentials uses natively.
> Triplesec builds on top of ApacheDS so yes it is an LDAP server with
> some customizations.
> >> We also have two presentations done in ApacheCon EU last october :
> >>
> >>
> >>
> >> and
> >>
> >>
> >
> > So with stored procedures I can store a Java object and have it called
> > with a standar ldap query and it can return whatever text value I
> > choose??? That seems like a really good way to do what I need the
> > security concerns are kind of troublesome but if you can isolate the
> > calls to just one secured process you maybe OK doing it this way. Do
> > you have a step by step example of doing this?
> Ersin's the man behind this great work.  Perhaps he can chime in.

I see you are discussing documentation now ... I do not known if I am
a correct representative of the groups most interested in open source
projects but one think find difficult looking at a project at first is
the lack or incomplete documentation the mailing list is usually the
best place to learn things :) and I am perfectly OK with that. Here is
a link I found to a book on X.500 on the web that may help with the
documentation: I am not sure but I
think linking to it may have to be cleared with the author.

Thanks for your help, I am still learning about LDAP and ADS.

> Regards,
> Alex

View raw message