<quote who="Howard Lowndes"> > I was interested in your comments about bdb -v- ldbm and would be > interested in an expansion on that if you feel inclined; I have little > knowledge of the workings or vagaries of the Unix dbs.
The BDB backend uses the very latest in highly scalable and pull your hair out with a combine harvester Berkeley DB technology. It's very complex, highly configurable, and requires a lot of babysitting. You end up having to do database recoveries on a fairly regular basis, and have to know all kinds of ins and outs to get the best performance out of it. In most cases, it's just over the top, and the much simpler ldbm backend (which is comparably stupid and slow) saves time in the long run. (It would be interesting to look at Tridge's ldb and tdb solutions for samba in more detail at some stage...) Interestingly enough, this is why the first releases of Subversion always looked like an astounding headsmack expressed in elaborate modern folk dance to me - no way would I put my revision control in the hands of BDB. At least these days they have fsfs and use it by default. > My concern, and my reason for originally seeking the hierarchical approach > was to limit the level of management access inside the directory, eg. I > don't want someone who has write access to domain A being allowed to have > read access to domain B, or even knowing that domain B exists. Aha, good reason. :-) Though you could achieve that through other ends, such as putting all of that smarts in your management tools. > I have installed phpldapadmin and using that has proved insightful as > well as seemingly being a good management tool. It has improved leaps and bounds since I last looked at it - definitely one of the more successful FOSS LDAP tools thus far. I'm really looking forward to how things change with the Fedora Directory Server release, and what the tools are like once they're Freed. :-) - Jeff -- OSCON 2005: August 1st-5th http://conferences.oreillynet.com/os2005/ GDK (acronym): GNU's Not Unix Image Manipulation Program Tool-Kit Drawing-Kit. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
