Re: Comparing OpenLDAP on Linux 2.6/Sol 10 [ was Re: Berkeley DB versions ]

["James F. Hranicky" <jfh@cise.ufl.edu>]

On Mon, 16 Jan 2006 14:04:51 -0800
Quanah Gibson-Mount <quanah@stanford.edu> wrote:

> This seems somewhat broken to me -- What if information about a given user 
> changes?  For example, we lock out/freeze accounts based on DMCA 
> complaints.  That gets reflected in the directory server.  If the systems 
> were caching that data instead of doing live lookups, we'd have a major 
> problem on our hands.

Well, as long as you don't use it for long, I don't see it as a big
deal.

> This connection looks up the rdn of the users UID (SuRegID), and then uses 
> that to find out if they belong to a particular privilege group, doing a 
> compare.
>
> Again, no need for a database dump here.  The idea is that the LDAP server 
> *is* the database.

Sure. From what I can tell it will be a mix of both. The dump will probably
be required only occasionally, but I still want it to be efficient.

> If the Samba folks are dumping the entire database and caching it, it just 
> seems to me to be another instance of their lack of comprehension about how 
> to use LDAP.

Honestly, the smbd may only do that once, I don't really know. I'm not familiar 
with the internals, so a judgement on the Samba folks may be premature.

Jim