
Re: [Fedora-infrastructure-list] Database for Account System 2



Toshio Kuratomi wrote:
> On Sun, 2006-07-16 at 17:32 -0600, Jonathan Steffan wrote:
>   
>> Fedora Directory Server supports TLS and SSL. So does openldap. I think
>> an API built on top of LDAP would have more abilities. Does PGSQL
>> support slave servers and replication?
>>
>>     
> There are two good projects, slony-i_ and pg-cluster, that support
> master-slave replication and multi-master replication respectively.  I
> haven't used either but Curt Moore mentioned he uses slony-i during one
> of the IRC meetings.
>
> slony-i_ http://gborg.postgresql.org/project/slony1/projdisplay.php
> pg-cluster_ http://pgfoundry.org/projects/pgcluster/
>   
I ask because Fedora Directory Server does this well.
> I think we're going to be doing a lot of programming against the backend
> no matter what so I want to know what LDAP offers to me as a developer
> of web applications.
>   
To me, LDAP seems fairly supported... in the sense there is a published
schema so software developers have a 'map' to design by. For example,
Plone allows you to map internal user variables to proper LDAP schema
and it works out well (a fairly standard schema [inetOrgPerson] has all
the needed user properties.) I have a few projects going to test if a
single LDAP user directory would be able to authenticate Bugzilla,
plone, moinmoin and SVN/CVS.
> - python-ldap seems to be the python bridge to ldap.  Are there
> alternatives or is this the way to go?
>   
I am not a python guru yet, and thus this is all I have worked with.
> - Can we update the LDAP schema easily when we decide we need to take
> more information?  (We need to start retinal scans for security or want
> to have hackergotchi to make the entries more personalized in the
> future.)
>   
Yes.
> - SQL has grant and revoke to assign users privileges on individual
> database tables.  Does LDAP have similar?  (I find I use SQL's
> separation of select, update, and insert as well.  I don't know if we'd
> need more than read-write vs read-only for the account db but is it
> possible to separate all of these independently?)
>   
Fedora Directory Server supports a very fine grained security model.
Some random links:

http://directory.fedora.redhat.com/wiki/Architecture#Roles
http://directory.fedora.redhat.com/wiki/Features
http://directory.fedora.redhat.com/wiki/Get_Effective_Rights_Design
> - SQL and python have SQLObject to make python objects backed by SQL db
> storage very easy.  I don't know if we want this for the accounts db
> (security may not be fine-grained enough)
>   
I have only worked with hacking existing python code and working with
the perl DBI (supporting LDAP) and other CPAN modules for working with LDAP.
> - I enjoy postgresql's ability to constrain data via foreign keys,
> regexps, etc.  Does LDAP allow the same type of things in its schemas?
>
> -Toshio
