Comments on: Moving LDAP writes to Web Services http://kkalev.wordpress.com/2007/03/15/moving-ldap-writes-to-web-services/ Blogs on the world of 3 letter acronyms... like AAA and AAI Tue, 25 Aug 2009 21:11:57 +0000 http://wordpress.com/ hourly 1 By: Using Syncrepl ideas to build a web services based database to LDAP synchronization mechanism « A world of LDAP and RADIUS http://kkalev.wordpress.com/2007/03/15/moving-ldap-writes-to-web-services/#comment-1898 Using Syncrepl ideas to build a web services based database to LDAP synchronization mechanism « A world of LDAP and RADIUS Sat, 25 Apr 2009 10:54:16 +0000 http://kkalev.wordpress.com/2007/03/15/moving-ldap-writes-to-web-services/#comment-1898 [...] 25, 2009 in LDAP, PHP, Web Services | Tags: LDAP, syncrepl, Web Services In previous posts i pointed out the benefits of using web services (instead of direct LDAP access) to perform LDAP [...] [...] 25, 2009 in LDAP, PHP, Web Services | Tags: LDAP, syncrepl, Web Services In previous posts i pointed out the benefits of using web services (instead of direct LDAP access) to perform LDAP [...]

]]> By: Idetrorce http://kkalev.wordpress.com/2007/03/15/moving-ldap-writes-to-web-services/#comment-1500 Idetrorce Sun, 16 Dec 2007 02:00:29 +0000 http://kkalev.wordpress.com/2007/03/15/moving-ldap-writes-to-web-services/#comment-1500 very interesting, but I don't agree with you Idetrorce very interesting, but I don’t agree with you
Idetrorce

]]> By: Web Services interoperability fable with Java and PHP « thoughts.iterator() http://kkalev.wordpress.com/2007/03/15/moving-ldap-writes-to-web-services/#comment-195 Web Services interoperability fable with Java and PHP « thoughts.iterator() Thu, 02 Aug 2007 21:48:09 +0000 http://kkalev.wordpress.com/2007/03/15/moving-ldap-writes-to-web-services/#comment-195 [...] access, teacher accounts and several student accounts. For various reasons that you can find at my colleague’s blog there was a need to perform LDAP operations over WSs – in fact we had to “Move LDAP writes to [...] [...] access, teacher accounts and several student accounts. For various reasons that you can find at my colleague’s blog there was a need to perform LDAP operations over WSs – in fact we had to “Move LDAP writes to [...]

]]> By: kkalev http://kkalev.wordpress.com/2007/03/15/moving-ldap-writes-to-web-services/#comment-21 kkalev Tue, 01 May 2007 20:13:42 +0000 http://kkalev.wordpress.com/2007/03/15/moving-ldap-writes-to-web-services/#comment-21 Answer to Dionysios: The LDAP protocol allows for creating new extended operations or controls on already existing operations. This however involves quite a lot of work in defining the extensions and writing code (on both the server and client end) to implement it. You need deep knowledge of the inner workings of your ldap server to implement them and any bugs/problem in your code will take the whole server down. So it's a solution that: * Does not scale * Is error prone * Is platform specific (a plugin for Sun ONE will not work for OpenLDAP) * Involves too much work implementing it * Requires LDAP operations instead of using web services (which is a big plus if you are dealing with outside web based clients) LUMS could theoretically be written as an LDAP server plugin but that would require writing it in C instead of PHP (which is a lot more work) and creating one version for each LDAP server available on the market (or maybe just creating a back-perl backend for OpenLDAP in order to save time). In general, too much work, too much risk with minimum benefit. Answer to Dionysios:

The LDAP protocol allows for creating new extended operations or controls on already existing operations. This however involves quite a lot of work in defining the extensions and writing code (on both the server and client end) to implement it. You need deep knowledge of the inner workings of your ldap server to implement them and any bugs/problem in your code will take the whole server down. So it’s a solution that:
* Does not scale
* Is error prone
* Is platform specific (a plugin for Sun ONE will not work for OpenLDAP)
* Involves too much work implementing it
* Requires LDAP operations instead of using web services (which is a big plus if you are dealing with outside web based clients)

LUMS could theoretically be written as an LDAP server plugin but that would require writing it in C instead of PHP (which is a lot more work) and creating one version for each LDAP server available on the market (or maybe just creating a back-perl backend for OpenLDAP in order to save time). In general, too much work, too much risk with minimum benefit.

]]> By: Dionysios Synodinos http://kkalev.wordpress.com/2007/03/15/moving-ldap-writes-to-web-services/#comment-20 Dionysios Synodinos Mon, 30 Apr 2007 12:05:48 +0000 http://kkalev.wordpress.com/2007/03/15/moving-ldap-writes-to-web-services/#comment-20 If I understood you correctly, you use web services as a mechanism to provide a standard interface between the two systems that also serves as an abstraction over the multiple LDAP operations that might be required for a given system operation. I'm not familiar with the specifics of the LDAP protocol or the exact features that contemporary Directory servers support, but isn't there a way to extent or "overload" the standard LDAP operations? For example can't you define new operations that serve as an aggregation of numerous basic/standard ones? I would find it strange if there wasn't such an extention mechanism and even stranger if the vendors haven't come up with something similar to close the gap. Is the introduction of yet another layer like web services for something that looks so obvious/common necessary? Is the protocol and the implementations so poor in features? If I understood you correctly, you use web services as a mechanism to provide a standard interface between the two systems that also serves as an abstraction over the multiple LDAP operations that might be required for a given system operation. I’m not familiar with the specifics of the LDAP protocol or the exact features that contemporary Directory servers support, but isn’t there a way to extent or “overload” the standard LDAP operations? For example can’t you define new operations that serve as an aggregation of numerous basic/standard ones? I would find it strange if there wasn’t such an extention mechanism and even stranger if the vendors haven’t come up with something similar to close the gap.

Is the introduction of yet another layer like web services for something that looks so obvious/common necessary? Is the protocol and the implementations so poor in features?

]]> By: Movind LDAP writes to Web Services - The interface « A world of LDAP and RADIUS http://kkalev.wordpress.com/2007/03/15/moving-ldap-writes-to-web-services/#comment-11 Movind LDAP writes to Web Services - The interface « A world of LDAP and RADIUS Thu, 19 Apr 2007 13:33:07 +0000 http://kkalev.wordpress.com/2007/03/15/moving-ldap-writes-to-web-services/#comment-11 [...] April 19th, 2007 in LDAP, Web Services, PHP On a recent post i pointed out the advantages of moving ldap writes to web services. I also stated that we [...] [...] April 19th, 2007 in LDAP, Web Services, PHP On a recent post i pointed out the advantages of moving ldap writes to web services. I also stated that we [...]

]]>