Re: Questions about OpenLdap specifications
--On Tuesday, October 07, 2003 10:54 AM -0500 Albert Steiner at home
> About a year ago I was looking seriously at OpenLdap for our directory
> 1) It seemed that the ACL process was at the entry level not the
> attribute level. We needed to have a full set of attributes in the
> directory, and products such as Eudora getting just the allowed
> attributes not all of them. I was not able to get openldap to deliver a
> restricted set of attributes for a request for all attributes.
We do this all the time, if I'm reading what you are saying correctly. We
have a 'whois' service that returns only attributes for a given entry based
upon visibility settings (private, stanford, world). Eudora can be set up
to query the directory and retrieve the 'world' marked attributes (since it
doesn't support GSSAPI Ldapv3 binds).
> 2) It seemed that when I changed the ACL, I needed to reload the
> database. Is it possible to change schemas and ACLs without reloading
> all of the data?
We do that all the time...
> 3) We need 24/7 registry (data for applications) and directory (White
> Pages). The Sun One dual master seems to provide that.
I'm not clear why you need a dual master for this -- we have a single
master with 9 replicas. Using a load balance pool, 3 of them are locked
off strictly to one data consumer set, and the other 6 are available for
general querying usage.
> 4) Openldap had some advantages. Open software has advantages, but in
> this case I couldn't see that they met our needs.
> I'm interested in hearing how close it might come now.
OpenLDAP has met our needs and then some so far. Another advantage in our
eyes with OpenLDAP is the ability to talk directly with the developers, and
work with them on the creation of features that further expand the
capabilities of OpenLDAP, both for our environment, and for the use of
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
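
An attribute-level access policy of the kind question 1 asks about, as an added example in slapd.conf syntax (see slapd.access(5)); it is not part of the original message and not Stanford's configuration. The attribute tiers are assumptions, fixed per attribute rather than driven by per-entry visibility settings.

```conf
# Constructed example. slapd checks "access to" clauses in order and applies
# the first one whose <what> matches the attribute being evaluated; within
# that clause the first matching "by" decides. A search that asks for all
# attributes only gets back the ones the bound identity may read.

# Credentials: usable for authentication, never returned in a search.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# "World" tier: what an anonymous client such as a mail program may see.
# 'entry' is the pseudo-attribute that controls access to the entry itself;
# without it no entry is returned at all. objectClass is included so that
# filters such as (objectClass=person) can be evaluated.
access to attrs=entry,objectClass,cn,mail
    by * read

# Internal tier: any authenticated (bound) identity, nobody else.
access to attrs=telephoneNumber,title,ou
    by users read
    by * none

# Private tier: everything not listed above is visible to its owner only.
access to *
    by self read
    by * none
```

With these rules an anonymous search for all attributes of an entry returns only objectClass, cn and mail, while the same search over an authenticated bind also returns the internal tier. The rules live in slapd.conf, so changing them means restarting slapd to re-read the file, not reloading the directory data.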