[nycphp-talk] LDAP for web authorization?
edward potter
edwardpotter at gmail.com
Tue Nov 21 13:52:43 EST 2006
my understanding of LDAP (I was immersed in it for a bit back in the
boom), is it's really optimized for name/address lookup applications
(colleges, hospital directories, etc). I know some people have tried
to use it for securing directories at various levels, not sure how
that worked out.
I think for its designed purpose, there is probably no db engine that
can match it in speed for what it does best, SIMPLE looks ups.
Anything beyond that (as described in your post), is for sure a
mysql/db type application. The syntax always drove me crazy, I noticed
the coding pros were all english majors, who hacked LDAP on the side.
Language of choice working with LDAP? I would suspect that the
biggest systems are perl based.
:-) ed
On 11/21/06, Randal Rust <randalrust at gmail.com> wrote:
> On 11/2/06, charlie derr <cderr at simons-rock.edu> wrote:
>
> > > I am in the middle of a project where the client uses LDAP not only as
> > > a authentication tool, but also as a data store. My understanding is
> > > that LDAP is not supposed to be used as a data store that is
> > > frequently updated. Am I correct?
>
> > If your client has no problem with the slower pace of writing back to the directory, I'd say there's nothing wrong with using it in this way.
>
> While I understand what you are saying, I don't think I properly
> explained what the client is doing. They store all of their data in
> the LDAP, then they run a bunch of batch files on a nightly basis that
> exports the data from the LDAP to CSV files, so that the data can then
> be imported into Access, MySQL and other data sources.
>
> There is a lot of hoop-jumping required because LDAP is the primary
> data store. For example, one of the required attributes is 'recordID.'
> To get that, which is essentially a primary key for the MySQL export,
> we have to go out and open a file that stores all of the recordIDs,
> get the last one in the file, increment it by one, and then use that
> value when we do the ldap_add().
>
> I just think it would make a lot more sense to use MySQL as the
> primary data store, and then extract the data as an LDIF for import in
> to LDAP.
>
> --
> Randal Rust
> R.Squared Communications
> www.r2communications.com
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
--
the Blog: http://www.utopiaparkway.com
the Karma: http://www.coderswithconscience.com
the Projects: http://flickr.com/photos/86842405@N00/
the Store: http://astore.amazon.com/httpwwwutopic-20
More information about the talk
mailing list