Re: Production use of OpenLDAP

[Ben Collins <bcollins@debian.org>]

On Fri, Jan 07, 2000 at 04:27:00PM +0100, Kristian Köhntopp wrote:
> 
> Ben Collins wrote:
> > On Fri, Jan 07, 2000 at 02:37:31PM +0100, Kristian Köhntopp wrote:
> > > How do you maintain the integrity of your data,
> > > that is, how do you check that references between
> > > different objects are kept intact and up-to-date,
> > > that attributes get only valid values and the like?
> > 
> > The developers' directory is referenced against the main PGP keyring. The
> > packages' directory will be referenced against the information found right
> > in the packages (ie. the physical archive). Most of the programming is
> > done via perl-ldap and python-ldap.
> 
> I see. This is very manual. What I was 
> actually looking for is some kind of
> plugin API, where I can insert shared library
> code into the server which is then called
> back before and after different operations
> such as inserts and updates. I might then
> return false or true before an insert or
> update and thus veto or allow a certain 
> operation.

If there is such a backend, you can almost use it to propogate the data.
Which makes changes somewhat obsolete. The database that we are setting up
is not changeable by but a few people, so it's integrity from a schema and
validation perspective is moot. We don't have to worry about "worker-a"
putting in the wrong data, we just have to make sure that the directory is
synced with the physical archive.

What you are talking about sounds more like schema enforcement anyway, so
that probably suits the task much better.

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`     bcollins@debian.org  --  bcollins@openldap.org  --  bmc@visi.net     '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'