directory-dev mailing list archives

From Enrique Rodriguez <erodrig...@apache.org>
Subject Re: ApacheDS features & collaboration
Date Fri, 11 Feb 2005 04:37:43 GMT
Adison Wongkar wrote:
> Hi Alex, everyone,
> 
> Endi and I want to join effort in this ApacheDS project. We are
> brainstorming in terms of the features we can contribute and collaborate.
> 
> Features we think we can contribute:
> - Schema parser: we have a parser to read *.schema files, based on javacc. 
> - Virtual directory/LDAP proxy
> 
> Features we think we are interested to collaborate on:
> - SSL protocol 
> - Trigger
> - Transaction
> - ACL (static/dynamic)
> - Implement RootDSE (meta information)
> - Extended operation (?)

This is great.  From the Kerberos/security perspective, things I'd like 
to see/collaborate on, related to your list:

- Virtual directory

One potential (big) user would like to augment an existing LDAP 
infrastructure with the ApacheDS for the Kerberos.  When I originally 
wrote the Kerberos server, I backed it with OpenLDAP via SASL/GSSAPI so 
that code is still available.  But, it would be way cleaner to implement 
this not as a Kerberos store, but deeper in the back-end, possibly (as 
you mentioned once) in the Interceptor service chain.  Either way, it is 
virtual directory functionality.

- SSL protocol

Of course, with the crown jewels of a company in the ApacheDS, high QoP 
is key.  And some companies will want SSL.  But, I'd like to see 
SASL/GSSAPI for the LDAP protocol, specifically GSSAPI/Kerberos.  This 
is more like how AD works and M$ makes it easy to do by adding servers 
to domains with wizards and such.  Unfortunately, the setup and 
configuration in the OSS world has not been that easy, so I think it is 
rarely done to the point of people not knowing it is even possible.

-enrique

> 
> Cheers,
> Adison
