[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Questions about OpenLdap specifications

--On Tuesday, October 07, 2003 10:54 AM -0500 Albert Steiner at home <a-steiner@northwestern.edu> wrote:

About a year ago I was looking seriously at OpenLdap for our directory
and registry.
> 1) It seemed that the ACL process was at the entry level not the
attribute level.  We needed to have a full set of attributes in the
directory, and products such as Eudora getting just the allowed
attributes not all of them.  I was not able to get openldap to deliver a
restricted set of attributes for a request for all attributes.

We do this all the time, if I'm reading what you are saying correctly. We have a 'whois' service that returns only attributes for a given entry based upon visibility settings (private, stanford, world). Eudora can be set up to query the directory and retrieve the 'world' marked attributes (since it doesn't support GSSAPI Ldapv3 binds).

2) It seemed that when I changed the ACL, I needed to reload the database. Is it possible to change schema's and ACL's without reloading all of the data?

We do that all the time...

3) We need 24/7 registry (data for applications) and directory (White Pages). The Sun One dual master seems to provide that.

I'm not clear why you need a dual master for this -- we have a single master with 9 replicas. Using a load balance pool, 3 of them are locked off strictly to one data consumer set, and the other 6 are available for general querying usage.

4) Openldap had some advantages. Open software has advantages, but in
this case I couldn't see that they met out needs.
I'm interested in hearing how close it might come now.

OpenLDAP has met our needs and then some so far. Another advantage in our eyes with OpenLDAP is the ability to talk directly with the developers, and work with them on the creation of features that further expand the capabilities of OpenLDAP, both for our environment, and for the use of others.


Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html