Eric Bergen пишет:
> On Wed, May 21, 2008 at 3:10 PM, Vladimir Shebordaev
> <vladimir.shebordaev@stripped> wrote:
>> Jeremy Cole пишет:
>>> Hi Vladimir,
>>> This is true, although this is much more complex and would basically
>>> involve mirroring the entire privilege hierarchy into LDAP, and I'm not sure
>>> I've heard anyone talk about doing that yet.
>> You might wish to have a look at, e.g. wl#3118
>>> It would also probably mean doing the permissions lookups "live" against
>>> LDAP, which would be substantially slower than the current privilege system
>>> which is all in in-memory hash tables.
> Not only would it be slower but it adds another dependency into the
> system. It basically means that if ldap goes down then so do the
> databases. It would have to be implemented with a level of caching
> within MySQL which would make it even more complex.
If you have no backup authentication service you will sure not be
able to even log in into you system would you set up your pam to
authenticate against it.
Basically, mysqld would query LDAP when it opens tables and
creates user security contexts, i.e. when the user logs in, so
the query results could be effectively cached.
>> Sure. I guess, it is hardly supposed to be ever implemented.
It could be nice feature but it looks like too much hassle :)