directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <>
Subject Re: [ApacheDS] Mini-roadmap for protocol work
Date Sat, 29 Sep 2007 22:38:00 GMT
Hi Enrique,

seems to be a pretty neat roadmap.

May I suggest that you just do it in a slightly different order ?

for ( project in {DNS, NTP, DHCP, ChangePW, Kerberos} do
  1) Add some doco on confluence
  2) Clean the chain
  3) Add some tests

(I don't really know if DHCP won't be sandboxed at some point, but NTP
will remain in the server, because it's needed for Kerberos.)

The idea is to clean the simplest protocols first, and to get me into
the last loop when starting with Kerberos. I have still a hell loyt of
work to do on the kerberos branch, and I really want to do it with

Some more points :
- for doco, Christine and Stefan (Z) are the peeps to work with.
- you can add your mini-roadmap into the main roadmap
(, so
that everyone will have a clear visibility about your progression
(it's a matter of when we will be able to release : as you can see, we
are now 11 working on the project, and we must be much more 'serious')
- We will also clean the chain into SASL, because we have clear
problems with it (not sure it's already in the roadmap, but we will
add it).
- we will have to work on kerberos together, and it will take time, so
be patient, because there are many things we will change in the server
itself. However, I think we will be much more efficient together than
each of us alone.
- This may differ the PKINIT integration into the trunk, but it's not
really a big deal, if we can have a clean place to inject it.

Btw, if you have to work on a new external project, it would be cool
to tell us so we can define a deadline for some of you assigned tasks,
to be able to define the 2.0 release content.

Thanks !

On 9/30/07, Enrique Rodriguez <> wrote:
> Hi, Directory developers,
> I'd like to continue addressing some "unfinished business" with the
> various protocols.  This is in an effort to address some issues raised
> in the past (and recently).  So, I put together a "mini-roadmap,"
> below, of items I think I can get to in OCT.  Much of this is internal
> refactoring, with only 1-2 touchpoints that we'll need to coordinate.
> The changes fall into roughly three categories:  chains, tests, and
> Kerberos pre-authentication.
> 1)  Regarding chains, I would like to remove the use of the
> IoHandlerChain's in DNS, Change Password, and Kerberos, in that order.
>  DNS and Change Password should go easily.  Kerberos will go easily
> too, with the only consideration being any conflict with changes Emm
> has made and needs to merge in his Kerberos branch.
> 2)  Regarding tests, I've added a ton for Kerberos but I haven't gone
> and done the similar effort for DNS and Change Password.  Also,
> pre-auth coverage for Kerberos isn't very good.  Adding tests won't
> effect anybody's work, but I wanted to mention this because the tests
> will go hand-in-hand with removing the chains in #1.  Furthermore, I
> expect the tests for Kerberos pre-auth to occur (TDD) while I'm
> revamping pre-auth in #3.
> 3)  Regarding Kerberos pre-auth, I see this combining (a) tests with
> (b) the removal of the pre-auth, AS, and TGS IoHandlerChain's, (c) the
> refactoring of the class loader mechanism with a Spring configuration
> mechanism a la David's recent work, and (d) the addition of PKINIT as
> a new pre-auth mechanism.  Of course, PKINIT work will continue in my
> sandbox, but it makes sense to me to work on pre-auth all at once so
> I'll have my head around it all.  The only "end user" consideration
> here is that pre-auth configuration will be exposed, but since we can
> ship defaults that are unchanged from how it currently works no one
> should notice.
> I don't think any of this affects the current plans around the
> "bigbang" effort, but please give your thoughts on the above and I can
> get going with it pretty much immediately.
> Enrique

Emmanuel L├ęcharny

View raw message