...
The second design option enforces DN case invariance without impacting the existing simpkv API. Its simpkv subtree has the same essential layout as that of Option 1, including the use of the ‘instances’, 'globals', and ‘environments’ grouping “folders”. However, in this design the
The LDAP plugin transforms any problematic attributes that are to be used in a DN for a key/value pair to an encoded representation (e.g., hexadecimal, Base 64) . For example, with a hexadecimal transformation, all backend instance identifiers, key names, and folder names would be represented in hex, minus the ‘
0x’ or ‘0X’ preface. (The Puppet environment does not require transformation, as Puppet environment names must be lowercase.) So, key pathsproduction/app1/key1andproduction/App1/Key1would be mapped tosimpkvHexId=61707031,simpkvHexId=6b657931,ou=production,ou=environments,...
andsimpkvHexId=41707031,simpkvHexId=4b657931,ou=production,ou=environments,...
respectively, wheresimpkvHexIdis an attribute of both
...
an LDAP object used to represent backend identifiers/folders and
...
an LDAP object used to store the key/value pair.
...
Each node with an encoded identifier RDN includes an attribute with the raw
...
identifier
...
. Although this means a little more data must be stored in the DIT, this extra information will support external searches of the LDAP tree using the raw backend instance identifiers, key names, and folder names. In other words, users can search the LDAP tree without being forced to mimic the transformations done in
simpkv::*functions.
Below is an example of the Option 2 DIT in which
simpkvFolderis a custom LDAP object class withsimpkvHexIdandsimpkvIdattributes holding the transformed backend identifier/folder and raw identifier/folder, respectivelysimpkvEntryis a custom LDAP object class withsimpkvHexId,simpkvIdandsimpkvJsonValueattributes holding the transformed key, raw key and JSON-formatted value, respectively.
Recommendation
...