An analysis about a generic desktop application configuration management system
Philip Van Hoof
spamfrommailing at freax.org
Tue Apr 12 17:42:40 EEST 2005
On Tue, 2005-04-12 at 09:43 -0400, David Collier-Brown wrote:
> Just for information, it's relatively trivial to read the
> change log from LDAP and, when a change that is of interest
> to you occurs, to query LDAP for the relevant data and send
> it to a non-LDAP-aware program.
> One of my folks did so as a perl script for a single LDAP
> server in an afternoon. Making it high-availability with
> multiple LDAPs took a bit longer (:-))
I'd like to note that in the current idea, the backend of the deamon
will cache as much data as possible on the local stores of the many
desktops (thats all to-the-user-relevant configuration data).
Therefor a change notification on the configuration data distributing
server perhaps isn't really needed. As long as a "push" mechanism is
One that can be instructed to overwrite the caches of the many local
stores of the many desktops who authorized that alien service to do that
at a certain moment in time (when the administrator wants it to happen).
A change notification of settings on the enterprise LDAP server would
only be a requirement if desktop client x wants to be notified about
configuration changes done by desktop client y.
In fact I haven't seen that as a requirement from somebody. What people
are requiring is a way to distribute new configuration to many desktops
and to split "the many desktops" into groups. And to do some sort of
version management with the configuration data. Preferable with existing
source control management systems.
I know that the usage of local caches (and trusting that local cache)
will make it impossible to make it impossible to overrule a certain
configuration setting. I don't think "security" on that level is an
important requirement. The read-only keys are more likely to be used to
protect the users from setting foolish settings. Rather than to make
sure they can't set them or they can't overrule them.
I can imagine an administrator changing the company proxy-settings for a
certain group of people. The the configuration data distributing server
will, in such a case, signal the many D-Conf daemons about this change.
And they will be responsible to get the new information from the
distributor, and overwrite their cache with it. No real need for change
However .. these are already technical details. What I want to clarify
is that therefor a standard LDAP is suitable.
Philip Van Hoof, Software Developer @ Cronos
home: me at pvanhoof dot be
gnome: pvanhoof at gnome dot org
work: philip dot vanhoof at cronos dot be
junk: philip dot vanhoof at gmail dot com
More information about the xdg