[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Storing Large Objects in an LDAP Tree

At 04:44 PM 2001-10-14, Marijn Meijles wrote:
>Would you put public keyrings in ldap, for

Ahh, let's examine this.  A public keys are generally structured
information, such as an X.509 certificate.

In X.500/LDAP, an implementation (which supports these features)
can do all kinds of content based lookups on certificates.  While you
can put certificates in a file system, doing content based
lookups is painful as general content search tools (find/grep)
don't understand the structure of the certificate. 

File systems deal with user data as blobs.  Directories deal with
user data as structured fields.  While you can store blobs in the
directory, one is generally better off using a file system for
storing many and/or large blobs.

So, yes, I would store certificates in a directory as I want
to be able to do sophisticated lookups against them.  Of course,
OpenLDAP doesn't implement certificate matching rules yet...  but
I hear they are in the works...