The main problem about your design is that LDAP is not transactional. If you dont need
a transactional based solution then go ahead. After that, pooling and mapping is
trivial.
Adding a transaction managarer is not too hard either.
-----Original Message-----
From: Juan Lorandi (Chile) [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 04, 2001 2:13 PM
To: [EMAIL PROTECTED]
Subject: Re: Reading LDAP data with EJBs
José, have you ever considered to implement LDAP as a JDBC 2.0 driver? you
could there handle pooling, reuse
anything your want.
BTW, won't you be using Active Directory? How do you access the LDAP? JNI &
ADSI?
JP
> -----Original Message-----
> From: Jose González Gómez [mailto:[EMAIL PROTECTED]]
> Sent: Viernes, 02 de Febrero de 2001 16:36
> To: [EMAIL PROTECTED]
> Subject: Re: Reading LDAP data with EJBs
>
>
> Ian,
>
> We are talking here about internal users. The directory
> I'm accessing
> keeps a copy of the structure of the organization I'm making the
> application for. As you say, I use this directory to give different
> access rights to each users regarding their absolute and relative
> position (a manager may authorize requests from employees under his
> organizational unit, but not in others). Anyway, there is some info
> specific to the application that cannot be kept in the directory, so I
> use my database for this purpose.
>
> Under this scenario it made sense for us to make some abstraction
> that would isolate us from LDAP and database access, and we thought of
> an entity bean representing our users. Keep in mind that we have also
> the application administrator role, that may change permissions for
> other users. Our entity bean provides us methods for all those things:
> asking for permissions, asking for relation between two employees,
> changing rights for an user,...
>
> Any thoughts about this?
>
> Regards
> Jose
>
> Ian McCallion wrote:
>
> > Jose González Gómez wrote:
> >
> >> I have an ejb named User that models an user interacting with my
> >> application. I need this as the actions this user may do in the
> >> application depend on his position in a directory I access
> through LDAP.
> >> I keep some info I need about the user in a database, as
> this info is
> >> not in the directory. This way the bean encapsulates all the needed
> >> access to LDAP and database.
> >>
> >> My problem is that in ejbLoad I need to connect to LDAP
> and database,
> >> and in ejbStore I connect only to the database, as the
> info in LDAP will
> >> never be changed in my application. I get the connections to the
> >> database from the connection pool of my app server, but there's no
> >> connection pooling for LDAP connnections, so the ejbLoad
> operation takes
> >> a lot of time in making this connection time after time.
> >>
> >> What could I do? Should I make my own connection
> pooling mechanism
> >> for LDAP? Is this possible under J2EE? Any other ideas about this?
> >
> >
> > There are two reasons to know who your users are:
> >
> > 1. So that you can limit their authority e.g. a supervisor,
> front-office
> > clerk and a backoffice clerk are allowed to do different things.
> >
> > 2. So that you can "know your users" e.g. give them access to their
> > account, keep track of what they like to do when
> visiting your site,
> > etc.
> >
> > Clearly 1. is related to internal users and 2. is related
> to customers or other
> > external users.
> >
> > I do not recommend keeping information about external users
> in LDAP as your
> > requirements for access to the information are almost
> certain to exceed LDAP's
> > ability to provide it.
> >
> > So use LDAP for internal users of your application, but
> keep ALL external user
> > data in a database only.
> >
> >
> > Ian McCallion
> > Alexis Systems Limited
> > Romsey, UK
> >
> >
> ==============================================================
> =============
> > To unsubscribe, send email to [EMAIL PROTECTED] and
> include in the body
> > of the message "signoff EJB-INTEREST". For general help,
> send email to
> > [EMAIL PROTECTED] and include in the body of the message "help".
> >
>
> ==============================================================
> =============
> To unsubscribe, send email to [EMAIL PROTECTED] and
> include in the body
> of the message "signoff EJB-INTEREST". For general help,
> send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
>
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
