[horde] LDAP directory design

Peter Russell peterr at aidworld.org
Fri Oct 29 07:43:37 PDT 2004


I'm deploying the LDAP preferences backend for a horde installation.  It 
needs to fit in with an existing LDAP directory which is being used for 
authentication through pam_ldap etc.  User objects are stored in a 
sub-tree called "People". 

Given that OpenLDAP locks the parent of an object when it is being 
updated, I'm afraid that if I extend the objects in the People tree with 
hordePerson objectClass, and use them to store the preferences, other 
processes run by other users that need to use the directory might be 
slowed down significantly when a user updates their prefs (and forever 
if something goes wrong!), and authenticating might be slower because 
searching the object for the password would take longer. The directory 
doesn't have a lot of users at the moment, but scalability is important.

My idea is to have a separate organisationalUnit for horde preferences, 
and under that an organisational unit for each user, and under that a 
single object which is a hordePerson to store horde preferences.  Users 
would still bind against their entries in People, and an access control 
would allow them to modify their preferences.  This is similar to how 
Turba suggests users store address books.

So my questions are:
a) Are my concerns justified?
b) If so, is my suggested solution a good one?
c) If so, would you be interested in a patch allowing this?


Peter Russell
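
The access control described in the message above could look like the following slapd.conf fragment. This is an added example, not part of the original post or of Horde; the suffix dc=example,dc=com, the container name ou=HordePrefs, the entry name cn=prefs and the uid= naming of People entries are all assumptions.

```conf
# slapd.conf fragment (constructed example; all DNs below are assumed names).
#
# Assumed layout, with one pre-provisioned preferences entry per user:
#   uid=alice,ou=People,dc=example,dc=com               bind entry (pam_ldap)
#   ou=alice,ou=HordePrefs,dc=example,dc=com            per-user container
#   cn=prefs,ou=alice,ou=HordePrefs,dc=example,dc=com   hordePerson entry
#
# slapd evaluates "access to" clauses in order and stops at the first one
# whose target matches, so these must come before any broader rule that
# would also match ou=HordePrefs.

# A user may write only their own preferences entry. ([^,]+) captures the
# per-user ou from the target DN; "expand" substitutes it as $1 into the
# bind DN under ou=People. A different user's bind DN cannot match, and
# the trailing "by * none" denies everyone else, including anonymous.
access to dn.regex="^cn=prefs,ou=([^,]+),ou=HordePrefs,dc=example,dc=com$"
    by dn.exact,expand="uid=$1,ou=People,dc=example,dc=com" write
    by * none

# Everything else under the preferences subtree (the per-user containers
# and the subtree root) is closed to ordinary binds, so users cannot
# create, rename or enumerate containers. The rootdn bypasses ACLs and
# can still provision entries.
access to dn.subtree="ou=HordePrefs,dc=example,dc=com"
    by * none
```

Because users never get write access to entries under ou=People for preferences, the existing rules protecting userPassword there stay unchanged.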
