[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Questions about OpenLdap specifications

To: Albert Steiner at home <a-steiner@northwestern.edu>, openldap-software <openldap-software@OpenLDAP.org>
Subject: Re: Questions about OpenLdap specifications
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Tue, 07 Oct 2003 10:18:12 -0700
Content-disposition: inline
In-reply-to: <6.0.0.22.2.20031007102959.0445a700@hecky.it.northwestern.edu>
References: <6.0.0.22.2.20031007102959.0445a700@hecky.it.northwestern.edu>

--On Tuesday, October 07, 2003 10:54 AM -0500 Albert Steiner at home <a-steiner@northwestern.edu> wrote:

About a year ago I was looking seriously at OpenLdap for our directory
and registry.

> 1) It seemed that the ACL process was at the entry level not the

attribute level.  We needed to have a full set of attributes in the
directory, and products such as Eudora getting just the allowed
attributes not all of them.  I was not able to get openldap to deliver a
restricted set of attributes for a request for all attributes.

We do this all the time, if I'm reading what you are saying correctly. We have a 'whois' service that returns only attributes for a given entry based upon visibility settings (private, stanford, world). Eudora can be set up to query the directory and retrieve the 'world' marked attributes (since it doesn't support GSSAPI Ldapv3 binds).


2)  It seemed that when I changed the ACL, I needed to reload the
database.  Is it possible to change schema's and ACL's without reloading
all of the data?


We do that all the time...


3)  We need 24/7 registry (data for applications) and directory (White
Pages).  The Sun One dual master seems to provide that.

I'm not clear why you need a dual master for this -- we have a single master with 9 replicas. Using a load balance pool, 3 of them are locked off strictly to one data consumer set, and the other 6 are available for general querying usage.

4) Openldap had some advantages. Open software has advantages, but in

this case I couldn't see that they met out needs.

I'm interested in hearing how close it might come now.

OpenLDAP has met our needs and then some so far. Another advantage in our eyes with OpenLDAP is the ability to talk directly with the developers, and work with them on the creation of features that further expand the capabilities of OpenLDAP, both for our environment, and for the use of others.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: Questions about OpenLdap specifications
  - From: Tony Earnshaw <tonni@billy.demon.nl>

References:
- Questions about OpenLdap specifications
  - From: Albert Steiner at home <a-steiner@northwestern.edu>

Prev by Date: slappasswd not working
Next by Date: Re: [openldap2.1.12] script of automatic restarting for linux
Index(es):
- Chronological
- Thread