[Agendaware-dev-server] LDAP thoughts
From: zack <za...@th...> - 2001-11-08 04:32:27
I was thinking about how to implement dir services with ldap, and this is what I think so far...

It makes sense that all ldap queries go from the server to the ldap server, and the client uses xml, per normal, to query the agenda server. Here is why...

1) The client will have a private address book. If that is in the db (I don't think we want to put private addressbooks in ldap), then the client will be querying the agenda server anyway for that. So the client just knows one way to query (XML).

2) It allows for more secure ldap, as there is one account, one host to deal with. And if it is a remote ldap server (let's say maintained by a different division, with a different agenda server) it makes connectivity easier as far as going through firewalls, NATing etc. Not to mention account mgmt issues on ldap server.

3) There is no reason to have a granularity per workstation for ldap config. And if different users have different ldap config for some reason, addressing will be all screwed up. One of the specs I imagined for this is to support roaming users. Having a centralized server (or farm) will make this easier.

4) Changing ldap servers will only require a change in one place.

5) If/When scaling to multiple agenda "domains" (group of users managed by one or more servers), it will make server to server querying possible (if server to server querying is what we want to do).

There are also a couple of minuses like ...

1) More load on the server

2) Less flexibility or granularity on a per user or workstation basis

But I think the pros outweigh the cons, specifically 1) can be overcome with other good design, and 2) I don't think is going to be an advantage, just add potential pitfalls.

Anyone else have any thoughts on this?

Zack