directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: [ApacheDS] Configuration of protocols
Date Wed, 10 Oct 2007 19:08:46 GMT

On Oct 10, 2007, at 11:26 AM, Enrique Rodriguez wrote:

> On 10/9/07, Alex Karasulu <akarasulu@apache.org> wrote:
>> On 10/9/07, David Jencks <david_jencks@yahoo.com> wrote:
>>> NTP is pretty darn simple and I'm going to code up a couple of
>>> examples using it so we can better see what we are talking about.
>>
>> NTP is simple and one of the reasons why I picked it for the  
>> example.  Also
>> as you
>> say it can be used for a simple experiment to see the impact of  
>> what we want
>> to do
>> without a massive investment in time.
>
> On 10/9/07, Alex Karasulu <akarasulu@apache.org> wrote:
>> On 10/9/07, David Jencks <david_jencks@yahoo.com> wrote:
>>> NTP is pretty darn simple and I'm going to code up a couple of
>>> examples using it so we can better see what we are talking about.
>>
>> NTP is simple and one of the reasons why I picked it for the  
>> example.  Also
>> as you
>> say it can be used for a simple experiment to see the impact of  
>> what we want
>> to do
>> without a massive investment in time.
>
> I agree that the issue isn't just NTP, but coming up with a way to do
> this so that grokking all the protocols is easier.  UDP vs.TCP is more
> of an issue with DNS and Kerberos (including Change Password).
>
> For some history, these protocols were written with OSGi's
> Configuration Admin in mind, with config in the DIT.  This worked with
> the old Oscar/Maven 1 build.  A Config Admin ManagedServiceFactory
> could produce listeners between any IP endpoint and any subtree in the
> DIT (for DNS records or Kerberos principals), a bit like Jetty allows
> you to have multiple listeners.  Whether it is UDP vs. TCP is handled
> in the MINA codec factory, which can switch based on UDP vs. TCP.
> Incidentally, this is why the XxxServer classes have lifecycle, like
> destroy# and isDifferent#, because it was meant to handle dynamic
> config changes propagating out of the DIT.
>
> To Emm's question, the main consideration of UDP vs. TCP is whether
> the size of the message is pre-pended to the message when using TCP.
> DNS has a truncation bit to set but I can't recall any of the
> protocols having any other different processing with UDP vs. TCP.
>
> IMO, it's just simpler to have one configuration and whether its UDP
> or TCP depends on what you connect it to with MINA and the codec
> factory handles the pre-pended size.
>
> Of course, with the fixed nature of the config XML, there may be
> little difference between two configs or one with a property to switch
> UDP vs. TCP.  I'm glad David committed something since it may makes
> things clearer w.r.t. how to proceed.
>
> Also, I was happy to read, after seeing the commits, that
> "DirectoryService" and "ApacheDS" deps were to come out of the
> protocols.  There shouldn't be any reason these protocols couldn't run
> on alternate backends.  I see this as mostly good programming practice
> but it also could aid in attracting committers, if there were more
> ways to use these protocols then only with ApacheDS.  No one should be
> prevented from, say, backing them with OpenDS, again because its good
> decoupling, but also since it would be better overall for attracting
> committers/users.  Not to mention that it's nice to be able to test
> against an in-memory HashMap-based store, since you can test the
> entire protocol workflow much faster than even with FastXxxITest.
> Also, Kerberos was originally written backed by JNDI to OpenLDAP and,
> who knows, that could be a config someone is interested in.

One point I definitely want your (and everyone elses) opinion on is  
the change I made to a couple of the stores for kerberos/ 
changePassword and (about to be committed) dns.  I converted the jndi  
based store implementations to use DirectoryServer directly.  I think  
this is a good idea for use with apacheds but I wondered if we should  
preserve the old jndi-based implementatiions for use with other ldap  
backends.

thanks
david jencks
>
> HTH,
>
> Enrique


Mime
View raw message