RE: Proxy cache extension for OpenLDAP

["Howard Chu" <hyc@symas.com>]

> -----Original Message-----
> From: Apurva Kumar [mailto:kapurva@in.ibm.com]
>
> LDAP proxy cache docs in HTML.

Thanks. It's a fascinating idea. The effect of ACLs on cached results isn't
considered though; I guess you assume that all clients of the proxy will have
equal privileges on the remote server. (That's a fair enough assumption for
many scenarios, it just needs to be stated.)

You can implement your cache_backend APIs without directly modifying
back-ldbm. Look at the callback facility, see backglue.c for an idea of how
to use it. If you use the callback approach that backglue uses, your cache
can interface to any of the existing backends without needing to modify their
code in any way. sasl.c and saslauthz.c also contain a number of examples of
how to perform searches using callbacks to execute a variety of different
operations. (This callback facility is very powerful. We used it extensively
in Connexitor to do a lot of things that normal X.500-based directories can't
do.) I would very much like to see a version of this code that doesn't rely
on directly extending back-ldbm or any other backends (besides back-ldap).

Also, there should be some kind of cache aging parameter to eliminate stale
data from the cache. A trickle-refresh scheme might be interesting as well,
but that's probably not necessary right away.

It's a very good effort. I think the query containment and query template
approach makes sense. Hopefully some more folks will examine this patch and
chime in.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support