Toshio Kuratomi wrote: > On Sun, 2006-07-16 at 17:32 -0600, Jonathan Steffan wrote: > >> Fedora Directory Server supports TLS and SSL. So does openldap. I think >> an API built on top of LDAP would have more abilities. Does PGSQL >> support slave servers and replication? >> >> > There are two good projects, slony-i_ and pg-cluster, that support > master-slave replication and multi-master replication respectively. I > haven't used either but Curt Moore mentioned he uses slony-i during one > of the IRC meetings. > > slony-i_ http://gborg.postgresql.org/project/slony1/projdisplay.php > pg-cluster_ http://pgfoundry.org/projects/pgcluster/ > I ask because Fedora Directory Server does this well. > I think we're going to be doing a lot of programming against the backend > no matter what so I want to know what LDAP offers to me as a developer > of web applications. > To me, LDAP seems fairly supported... in the sense there is a published schema so software developers have a 'map' to design by. For example, Plone allows you to map internal user variables to proper LDAP schema and it works out well (a fairly standard schema [inetOrgPerson] has all the needed user properties.) I have a few projects going to test if a single LDAP user directory would be able to authenticate Bugzilla, plone, moinmoin and SVN/CVS. > - python-ldap seems to be the python bridge to ldap. Arethere > alternatives or is this the way to go? > As I am not a python guru yet, and thus this is all I have worked with. > - Can we update the LDAP schema easily when we decide we need to take > more information? (We need to start retinal scans for security or want > to have hackergotchi to make the entries more personalized in the > future.) > Yes. > - SQL has grant and revoke to assign users privileges on individual > database tables. Does LDAP have similar? (I find I use SQL's > separation of select, update, and insert as well. I don't know if we'd > need more than read-write vs read-only for the account db but is it > possible to separate all of these independently?) > Fedora Directory Server supports a very fine grained security model. Some random links: http://directory.fedora.redhat.com/wiki/Architecture#Roles http://directory.fedora.redhat.com/wiki/Features http://directory.fedora.redhat.com/wiki/Get_Effective_Rights_Design > - SQL and python have SQLObject to make python objects backed by SQL db > storage very easy. I don't know if we want this for the accounts db > (security may not be fine-grained enough) > I have only worked with hacking existing python code and working with the perl DBI (supporting LDAP) and other CPAN modules for working with LDAP. > - I enjoy postgresql's ability to constrain data via foreign keys, > regexps, etc. Does LDAP allow the same type of things in its schemas? > > -Toshio > > ------------------------------------------------------------------------ > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list >
Attachment:
signature.asc
Description: OpenPGP digital signature
