
Re: Adding ldap group support to subversion

From: Branko Čibej <brane_at_wandisco.com>
Date: Fri, 12 Jul 2013 15:21:30 +0200

On 12.07.2013 15:08, Stefan Sperling wrote:
> On Fri, Jul 12, 2013 at 02:50:26PM +0200, Branko Čibej wrote:
>
>> I am strongly against the idea of adding LDAP support to mod_authz_svn.
>> There is already a mod_ldap, it doesn't make sense to duplicate
>> functionality. If mod_ldap has performance problems -- well then, that's
>> the place to solve them. It's open source after all.
>
> I think you misread what we were saying. mod_ldap caches ldap replies,
> and should perform better than the proposed patch, which does no caching.

Ah, I did indeed misread, sorry.

>> Adding /group/ support to mod_authz_svn is completely orthogonal to
>> LDAP. Let's not mix the two issues. And frankly, I'd rather spend time
>> adding proper group- and role-based authorization to the repository than
>> heaping more stuff onto the current config-file-based authz layer.
> Please, let's not tie the "we need a new filesystem" discussion into
> this tiny feature addition that solves someone's problem.

Well, I disagree that it's a tiny feature. It seems to me that it's a
quite significant addition to the way we process authz rules, at the
very least it's a significant user-visible change that affects both
performance and backwards compatibility, so it merits a design
discussion on this list. The fact that the dependency coupling and
layering violation in the original patch didn't raise a whole lot more
objections frankly scares me.

(And I would've chimed in earlier and spent more time reviewing if I
wasn't supposed to be offline on vacation right now.)

-- Brane

-- 
Branko Čibej | Director of Subversion
WANdisco // Non-Stop Data
e. brane_at_wandisco.com
Received on 2013-07-12 15:22:21 CEST

This is an archived mail posted to the Subversion Dev mailing list.