[nycphp-talk] LDAP for web authorization?
Randal Rust
randalrust at gmail.com
Tue Nov 21 10:08:44 EST 2006
On 11/2/06, charlie derr <cderr at simons-rock.edu> wrote:
> > I am in the middle of a project where the client uses LDAP not only as
> > a authentication tool, but also as a data store. My understanding is
> > that LDAP is not supposed to be used as a data store that is
> > frequently updated. Am I correct?
> If your client has no problem with the slower pace of writing back to the directory, I'd say there's nothing wrong with using it in this way.
While I understand what you are saying, I don't think I properly
explained what the client is doing. They store all of their data in
the LDAP, then they run a bunch of batch files on a nightly basis that
exports the data from the LDAP to CSV files, so that the data can then
be imported into Access, MySQL and other data sources.
There is a lot of hoop-jumping required because LDAP is the primary
data store. For example, one of the required attributes is 'recordID.'
To get that, which is essentially a primary key for the MySQL export,
we have to go out and open a file that stores all of the recordIDs,
get the last one in the file, increment it by one, and then use that
value when we do the ldap_add().
I just think it would make a lot more sense to use MySQL as the
primary data store, and then extract the data as an LDIF for import in
to LDAP.
--
Randal Rust
R.Squared Communications
www.r2communications.com
More information about the talk
mailing list