[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: front, back, middle...

I think if you've already read my presentation
http://www.openldap.org/conf/odd-sfo-2003/howard-arch.html there's not much
more rationale I can give you. Jong's results show that the streamlining goal
has already paid off - the code is leaner and faster.

Everyone has their hotlist of features to add, but if each added feature adds
bloat onto an already bloated base, everyone loses. The new API makes the
existing functionality faster, and makes it practical to add new extensions
without dragging performance down farther.

For one specific example, I'm a fan of X.500 chaining; I would like to
implement it here but it would have been difficult and costly
(performance-wise) with the previous API. With the new API it's simple to
chain operations from subroutine to subroutine, module to module, and DSA to

I suppose the middle layer I'm talking about equates to SLAPI in terms of
what it allows you to do - plugins to intercept operations, and preprocess
them before some underlying database gets them, or postprocess afterward. But
the idea is to let you stack not just custom plugins, but also the existing
database backends, with minimal changes to their internals. Much like SysV
STREAMS lets you push drivers and modules on top of each other to create a
network protocol stack.

One problem that I encounter from time to time, is people trying to unify
authentication between Windows and Unix systems. Sometimes you can't
completely get rid of the Windows PDC, you just have to make the two co-exist
and keep them in sync. This isn't so bad, except you need some extra code to
run somewhere that converts a plaintext userPassword into an AD unicodePwd. A
small perl snippet will do the trick, but then you're stuck implementing the
rest of LDAP in your perl module. If instead, you simply layered back-perl
over back-ldap, you get the problem solved very cheaply - a few lines of perl
code that execute for that one modify password operation, with everything
else passing thru at full speed.

Does that make it any clearer?

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: Pierangelo Masarati [mailto:ando@sys-net.it]
> Sent: Wednesday, April 02, 2003 3:03 AM
> To: hyc@highlandsun.com
> Cc: openldap-devel@OpenLDAP.org
> Subject: Re: front, back, middle...
> Howard,
> your considerations are very interesting.  I was making
> similar speculations on a portion of what you proposed,
> mainly the part related to moving rewrite before backend
> selection, and generalizing back-meta to backend selection;
> you are moving some steps further.  I'll have a deeper look
> at your mail; however, I note that since I'm not working
> at the sources with the required continuity, I'm getting
> lost in this callback stuff you recently put in.  Maybe
> you may try to give some deeper rationale about the changes
> you're making :)
> Ando.
> --
> Pierangelo Masarati
> mailto:pierangelo.masarati@sys-net.it