On 12.07.2013 15:08, Stefan Sperling wrote: > On Fri, Jul 12, 2013 at 02:50:26PM +0200, Branko Čibej wrote: > > I am strongly against the idea of adding LDAP support to mod_authz_svn. > There is already a mod_ldap, it doesn't make sense to duplicate > functionality. If mod_ldap has performance problems -- well then, that's > the place to solve them. It's open source after all. > I think you misread what we were saying. mod_ldap caches ldap replies, > and should perform better than the proposed patch, which does no caching.
Ah, I did indeed misread, sorry. >> Adding /group/ support to mod_authz_svn is completely orthogonal to >> LDAP. Let's not mix the two issues. And frankly, I'd rather spend time >> adding proper group- and role-based authorization to the repository than >> heaping more stuff onto the current config-file-based authz layer. > Please, let's not tie the "we need a new filesystem" discussion into > this tiny feature addition that solves someones problem. Well, I disagree that it's a tiny feature. It seems to me that it's a quite significant addition to the way we process authz rules, at the very least it's a significant user-visible change that affects both performance and backwards compatibility, so it merits a design discussion on this list. The fact that the dependency coupling and layering violation in the original patch didn't raise a whole lot more objections frankly scares me. (And I would've chimed in earlier and spent more time reviewing if I wasn't supposed to be offline on vacation right now.) -- Brane -- Branko Čibej | Director of Subversion WANdisco // Non-Stop Data e. br...@wandisco.com
