[horde] LDAP directory design
peterr at aidworld.org
Fri Oct 29 07:43:37 PDT 2004
I'm deploying the LDAP preferences backend for a horde installation. It
needs to fit in with an existing LDAP directory which is being used for
authentication through pam_ldap etc. User objects are stored in a
sub-tree called "People".
Given that OpenLDAP locks the parent of an object when it is being
updated, I'm afraid that if I extend the objects in the People tree with
hordePerson objectClass, and use them to store the preferences, other
processes run by other users that need to use the directory might be
slowed down significantly when a user updates their prefs (and forever
if something goes wrong!), and authenticating might be slower because
searching the object for the password would take longer. The directory
doesn't have a lot of users at the moment, but scalability is important.
My idea is to have a separate organisationalUnit for horde preferences,
and under that an organisational unit for each user, and under that a
single object which is a hordePerson to store horde preferences. Users
would still bind against their entries in People, and an access control
would allow them to modify their preferences. This is similar to how
Turba suggests users store address books.
So my questions are:
a) Are my concerns justified?
b) If so, is my suggested solution a good one?
c) If so, would you be interested in a patch allowing this?
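
The layout proposed in the message, sketched as an OpenLDAP slapd.conf access-control fragment. This is an added example, not part of the original post or of Horde's own configuration; the suffix dc=example,dc=org and the names ou=HordePrefs and cn=prefs are assumed placeholders, and the `expand` modifier assumes a slapd whose ACL syntax supports it.

```conf
# Assumed layout (all names below are constructed placeholders):
#
#   ou=People,dc=example,dc=org
#     uid=alice,ou=People,dc=example,dc=org        <- bind entry used by pam_ldap,
#                                                     never modified by Horde
#   ou=HordePrefs,dc=example,dc=org
#     ou=alice,ou=HordePrefs,dc=example,dc=org     <- per-user container
#       cn=prefs,ou=alice,ou=HordePrefs,...        <- the hordePerson entry
#
# The container name (ou=alice) must equal the uid RDN value of the owner's
# entry under ou=People; the ACL below relies on that mapping.

# Rule 1: per-user container and everything beneath it.
#   $2 captures the container name; only the identity
#   uid=<that name>,ou=People,... gets write access.
#   [^,]+ keeps the capture inside one RDN, and the ^...$ anchors prevent
#   a partial match against a longer or differently rooted DN.
access to dn.regex="^(.+,)?ou=([^,]+),ou=HordePrefs,dc=example,dc=org$"
    by dn.exact,expand="uid=$2,ou=People,dc=example,dc=org" write
    by * none

# Rule 2: the ou=HordePrefs branch itself.
#   Ordinary users cannot create, rename or list containers, so a user
#   cannot add ou=<someone else> and claim that person's preferences.
#   Containers are provisioned by the directory administrator
#   (the rootdn is not subject to access rules).
access to dn.subtree="ou=HordePrefs,dc=example,dc=org"
    by * none

# slapd evaluates "access to" clauses in order and stops at the first one
# whose target matches, so Rule 1 must stay above Rule 2. The existing
# rules protecting ou=People (userPassword and so on) are left as they are;
# nothing here grants any new right on the authentication entries.
```

With this split, a preference update writes only under ou=HordePrefs, and a bound user can read and write only the subtree named after their own uid.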