[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Backends Performance



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Koray ATSAN wrote:
| Kurt,
|
| AS far as I know (thats not too far), you can write backend modules that
| integrates your own code to OpenLDAP.
| My goal is to write such a backend which will process the incoming
| requests (authenticated and confidential) and return the result to the
| requestor in the same manner . That is actually an authentication and
| confidentiality layer on top of LDAP server. I beleive that this is
| technically possible but I am uncertain if this approach is gonna suffer
| from performance. That is;  do you think this approach will significantly
| lower the response time to the user?
| One can use OpenSSL to do this task but still there is certificate
| handling overhead and the complexity of the protocol itself. Thats why
| people use hardware accelarators to use SSL.
|

Hi,
backend modules don't communicate with the user at all. The backend's
purpose is to act as the communitcation layer between a datastore (e.g.
a berkley-db database) and the LDAP-Server.

If you want to use other authentication mechanisms than the simple
(cleartext) authentication or entcryption of the data, you should look
into SASL or TLS. Both mechanisms support encryption of the
communitcation channel and both are included in OpenLDAP. If you need
your own authentication mechanism it might be possible to add it to the
SASL framework (but this is quite off topic in this context).

Yours
Stephan Siano
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+nrkNqA9BW6fcBwIRAvrOAJ4yXqMW99zw//BuE/MSPAxHh6fA9gCfZ8dj
viV4RtAh+YjLpSjkA9vn1AA=
=4rC2
-----END PGP SIGNATURE-----