[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-developers] LDAP concept
From: |
Alex Borges |
Subject: |
Re: [Phpgroupware-developers] LDAP concept |
Date: |
31 Jul 2003 13:16:35 -0500 |
Ive read it and liked it. Very good stuff, thank you.
I pretty much agree with the whole mapping but would like to get more
feedback from ldap-centric systems administrators. Just so we dont mess
up (you also mentioned this, we agree).
The new db schema is much larger and its goal is to be a good central
pivot upon which more complex applications can be built. It takes us out
of limitations about ppl belonging to multiple orgs, viceversa, maybe
even multiple resources belonging to multiple orgs and inheriting some
of the orgs attributes (building A belongs to org 1 which has address
X).
So its all good and powerfull. The problem is implementing the same
thing, with the same interface to the contacts frontend programmers
efficiently, regardless if the contact's data is in ldap. Thats the
problem. And everyone knows that its not doable in a flexible enough way
(the only posibility is to force the ldap structure to be in a
particular way, which defeats the posibility of just plugging phpgw to
an existing ldap design). So noone i shooting for that right now,
everyone wants read only to the ldap and I think thats a good common
ground.
The only real problem we (who are implementing the new contacts backend)
have not solved is the account/contacts link where accounts are in
ldap. Of course, we are leaving that last because we have no use for it
so far (the beauty of PAM), but some of you have commented that the link
to accounts could be either an LDAP DN or a contact id directly to the
accounts db. Hell, the accounts api can be used for it as well, so all
problems are defeated. I just want to say we have not gone that far and
that any ideas are greatly appreciated.
El lun, 21-07-2003 a las 07:24, Philipp Kamps escribió:
> Hi everybody,
>
> I published an early draft of the LDAP concept I wrote.
> It just gives some ideas how the phpGroupware could
> improve the use of LDAP.
>
> It is written for people who already have some experience
> with LDAP. The LDAP stuff sometimes is not so easy and
> my not very strong English doesn't make it better ;-).
>
> Here is the link:
> http://www.probusiness.de/projekte/phpgroupware/pdf/LDAPconcept.pdf
>
> I'm very thankful for any discussion, corrections or feedback to this
> text.
>
>
> Just a comment what Dave Hall wrote:
> "Our plan is to make LDAP available as a read only snap shot of the SQL
> contacts repository. The LDAP contacts will be updated on
> each change."
> Using LDAP as a read only snap shot is really the best solution in my
> opinion. Actual, existing relations (like the relation of
> categories) between an entry in LDAP and table rows in the database
> extremely slows things down. In the snap shot variant you only need a
> 1:1 relation between address rows in the database and the LDAP entries.
>
> The concept I wrote doesn't go so far. It shows minor improvements
> which could be realized without changing the existing structure to
> much. But when implementing the proposed changes for accounts and
> addresses (proposed in the mailing list) this should be discussed in
> detail.
>
> Regards, fips
>
>
>
> _______________________________________________
> Phpgroupware-developers mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/phpgroupware-developers
>