At 03:07 18/9/00 +0100, you wrote:
>> * How come you recreate Dir/Contexts multiple times instead of caching them
>> ? Is it more efficient to reconnect because only rarely add/remove check or
>> some other reason ?
>
>I would expect that most interactions will be read-only. (And the
>read-only DirContext is stored in an instance variable) This way (I
>think) it would be possible to run James without Remotemanager and never
>grant it write access. (Ie administering the directory somehow else) Is
>that OK or am I being too paranoid?
no thats good :P - much better I think :P
>Does anyone have a good estimate of writes to reads for a production
>system?
well for my university system it gets about 100,000 emails a day. They all
read off a central directory and that directory is only updated once
everyfortnight ... so a huge number of reads to writes is my guess. They
mainly use it for routing thou and only a few systems act as mail store
>> * How come you cache some variables in setConfiguration instead of directly
>> placing them in a Hasntable/env ? Ease of debugging or something else ?
>
>debug, debug. Getting this working was a pain. Once people are happy
>that it works, we can start tuning it.
:P
>> * In code below you check a password by logging as a principle - why don't
>> you just log in as super-user (cached connection) and read the password and
>> compare ?
>
>I'm not convinced that reading passwords is a good idea. Additionally, I
>did try it and if I remember right, James needs to know how the password
>is stored in the directory (eg plain text, crypt, SHA etc) I don't think
>apps should know that sort of detail. What happens here is, effectively,
>an LDAP bind, which i think is the right way to test a password.
but doesn't that mean more users are allowed access to LDAP server - ie
joe-bloe could easily walk in and do stuff ? I know you can lock it down so
no modifies are possible but as far as I am aware you are not allowed to
block on object level? I doubt this sorta policy would be allowable in some
situations - not sure (as I said LDAP weenie :P)
>> * Isn't the below code really slow if you say have users in the vacinity of
>> 3000 or so ? If so is there anyway in LDAP to get around it ? Is there
>> anyway countUsers can be deprecated as a required method as it seems
>> incredibly expensive ? Perhaps by returning an Iterator ?
>
>countUsers is in purely because it was a method in the Fede's file
>implementation. I was trying, as far as possible, not to alter the
>interface.
ahh :P
>I haven't done any scale tests so I couldn't say how slow or fast this
>would be. Open to suggestions, though. But I'm not sure I'd want 3,000
>users on one instance, anyway.
well sure you do - if the mail server is acting as a gateway or relay and
doesn't store any mail on the machine. Many machines who do present as a
store (ie implement POP3/IMAP4r3) actually keep store on other machines and
read it across network when a user requests it. This is based on details of
how all the unis around here works so YMMV but it doesn't seem rare - not
even an uncommon demand.
Cheers,
Pete
*------------------------------------------------------*
| "Nearly all men can stand adversity, but if you want |
| to test a man's character, give him power." |
| -Abraham Lincoln |
*------------------------------------------------------*
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives: <http://www.mail-archive.com/james%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
