||[Sep. 16th, 2003|06:24 pm]
(My apologies if this has been mentioned before; Googling for it turned up nothing, and I haven't finished browsing past topics. I think it got mentioned here)
( Brief introductionCollapse )
I'm currently writing a Java servlet to browse an LDAP directory, and was wondering if there are any plans to expose the LJ user database as an LDAP-accessible directory. As mentioned in this entry, it would allow central-management of the users accessible by the code, as well IMHO accessible to various tools, apps, etc. (email MUAs, LDAP browsers).
However, I can foresee some downsides and arguments to doing this:
- This may make it easy for spammers to harvest email addresses— not quite, since the userinfo pages are already publicly accessible; as for the email addresses, you can deny viewing those attribs (and more) to anonymous LDAP binds.
- Porting to an LDAP directory from the existing DB will be tough, as well as cause downtime— Could probably be implemented as a transition system? Possibly, using a replication daemon (slurpd) to synch data between the existing system and the LDAP directory
- What attribs and objectClasses should be used?— honestly don't know.
There are some upsides, though:
You spare DB access. I think this'll speed things up a bit (correct me if I'm wrong though), since you don't really have to do a
SELECT to lookup info about a user.
You allow users to edit their pages from an external program, such as an LDAP browser— possibly through an SSL bind. LJ clients can implement this functionality without having to extend the existing API, maybe?
Please correct any wrong assumptions I make with the above. Thanks.
Jan Michael Ibañez