[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: want to understand how back-ldap works...
[copied to -devel, it seems to be at least of historical interest and the
caching is certainly a -devel topic]
If all you want to do is cache search results, certainly it can be done and
you only need to hook into back-ldap/search.c. I suppose you could copy the
cache management approach that back-ldbm uses.
There were two main purposes I had in mind with this code - first to provide
a base for supporting chaining in slapd and second to provide a proxy that
could be used on a firewall. I had another goal to grow this into a more
powerful backend that could glue multiple foreign LDAP servers into a single
namespace. That purpose has since been subsumed by Pierangelo Masarati's
back-meta, which is a superset of back-ldap. Additionally, I have created
backglue which can glue multiple slapd databases into a single namespace.
backglue in combination with back-ldap, back-ldbm, or back-meta can be used
to integrate any LDAP hierarchy, local or remote. This provides a very
powerful mechanism for distributed information management, as directories
can be stacked on top of each other to arbitrary depths. Each directory can
be managed independently by its local administrators, while still providing
a unified global view. It provides the integration benefits of a
metadirectory in realtime, without incurring the import/canonicalization
overhead the current metadirectory "solutions" cost. Also, while the
subordinate directories can be run independently, "superadministrators" can
be designated, supported by a suitably configured PKI. The concepts
presented here are key points of the Connexitor product that we developed at
Symas. (Connexitor goes several steps further; we also have an integrated
CA/PKI management system, automated rights management, and agents for
managing non-LDAP entities. It's nice to be able to manage lots of LDAP
directories from one place, but even better to be able to manage the rest of
the world as well...)
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: anish sheth [mailto:asheth@cisco.com]
> Sent: Thursday, December 27, 2001 3:52 PM
> To: Howard Chu
> Subject: RE: want to understand how back-ldap works...
>
>
> hi howard,
>
> I was looking for caching in the ldap server. basically caching
> the entries
> that back-ldap gets from the remote server with some timeout or
> some other
> scheme. If I want to modify the back-ldap to support something like this,
> will it require major changes to the back-ldap module design or existing
> design of the module supports adding such extentions?
>
> can you please also explain what was the main goal for developing this
> backend?
>
> Thanks,
> -anish
>
> At 03:22 PM 12/27/01 -0800, you wrote:
> >There really isn't much documentation to speak of. There is no explicit
> >support for caching either. I don't recall if the OpenLDAP client library
> >still does caching or not, I think not.
> >
> > -- Howard Chu
> > Chief Architect, Symas Corp. Director, Highland Sun
> > http://www.symas.com http://highlandsun.com/hyc
> > Symas: Premier OpenSource Development and Support
> >
> > > -----Original Message-----
> > > From: anish sheth [mailto:asheth@cisco.com]
> > > Sent: Thursday, December 27, 2001 11:33 AM
> > > To: Howard Chu
> > > Subject: want to understand how back-ldap works...
> > >
> > >
> > > hi howard,
> > >
> > > I want to understand how the back-ldap works with openldap
> server. I was
> > > going through the source code and looks like you have written the
> > > code for
> > > this. I wanted to find out what features this backend supports, like
> > > caching, configuration options in ldap config file etc...
> > > The admin guides and other documents on the openldap site does
> > > not provide
> > > any information on this backend. Can you please provide some
> > > references to
> > > documentation for this backend?
> > >
> > > Thanks,
> > > -anish
> > >
>