Re: [Openca-Users] Is LDAP Database sufficient?

Fri, 18 May 2001 09:38:05 -0700 

Nandkishor M wrote:
> 
> Hi Michael,
Hi,

>     * Is it possible to store the required data in LDAP or some RDBMS
>       is required?

The internal database of a CA is not standardized which means it is at
every time proprietary. So you can store all the information in a
LDAP-server, a file or RDBMS. 

Normally RDBMSs are used because they support you with transactions
(especially the ACID-features). So if you store some data into a RDBMS
and the database answers "ok, I got it" then you can be sure that your
system doesn't lost the data. LDAP gives you no warranties about the
durability of the changes which are done. LDAP is only a protocol. E.g.
OpenLDAP uses mostly DBM-files but in contrast the IBM DB2 UDB database
understand LDAP via an extension too.

>     * How much volume can LDAP database handle?

This is not a question of the protocol this is mostly a question which
is  dependent on the backend - dbm-files, RDBMS ...

Please take in mind that LDAP was developed for many small READ-actions
and rare WRITE-actions but I dont believe that you have too much data
for an IBM DB2 :-)

>     * If some RDBMS is used, can LDAP server act as a middleware?

Of cause, but be sure that you know what you are doing (recovery from
errors is a problem). LDAP is very flexible and portable I know ;-D

Before I implement the module OpenCA::DBI I want to implement the
database interface via LDAP but I decided to write a very well designed
and portable databaseinterface for RDBMSs because of the problem with
the disasterrecovery.

So it's a good idea to look into the code of OpenCA::DBI to see the
problems of such an implementation. The biggest problems is the usage of
sequencegenerators. The rest is very simple SQL.

If you need more details then simply ask for them ;-D

Regards Michael
------------------------------------------------------------------------------
Michael Bell                               Email: [EMAIL PROTECTED]
Humboldt-University of Berlin       Email (work):
[EMAIL PROTECTED]
Unter den Linden 6                    Tel.(work): +49 (0)30-2093 2482
10099 Berlin
Germany                                                [OpenCA Core
Developer]

http://openca.sourceforge.net

S/MIME Cryptographic Signature

Reply via email to