directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez" <enriqu...@gmail.com>
Subject Re: 1.5.1 release soon ?
Date Thu, 07 Jun 2007 18:13:24 GMT
On 6/7/07, Emmanuel Lecharny <elecharny@gmail.com> wrote:
> ...
> * SASL has been added, and it was an expected addition to the server. As it
> is a huge modification, it seems to be quite reasonnable to push it into a
> revision, and move on to a new version (namely, 1.5.2-SNAPSHOT ).

I'm curious how anybody's doing with SASL GSSAPI using clients like
'ldapsearch' and the doc I wrote.  Kerberos+LDAP like this is a
serious undertaking in the open-source world, so we'll have issues no
matter how much we simplify things, but it is already a lot easier.
The fact that SASL is picky about hostnames won't go away, so if you
have trouble I suggest testing with the client and server on separate
machines and watch DNS and Kerberos traffic on the wire to see what
hostnames are being used.  This is noted in the doco but perhaps it
needs one of those red warning notices.

> Releasing 1.5.1 means serious impacts, though :
> ...
> - we still have to change some logic in the BindRequest code, because I'm
> afraid that performance won't be very good

If you're refering to the way config is handled and the use of the
IoHandlerChain, I can rework the workflow to optimize the config and I
can probably remove the IoHandlerChain entirely.  Probably this
weekend.

I'd like to point out, again, that the diagnostic UI causes some
dependency problems with how it accesses the sessions.  Besides the
dependency, it is also probably a privacy and security problem since
it doesn't appear there is any access control.  Without it, I can
heavily refactor SessionRegistry and some helper classes, since MINA
has its own session support.  I believe this must pre-date MINA.

Enrique

Mime
View raw message