Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Received-SPF: pass (athena.apache.org: local policy)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Received:X-YMail-OSG:Mime-Version:In-Reply-To:References:Content-Type:Message-Id:Content-Transfer-Encoding:From:Subject:Date:To:X-Mailer;
  b=1pCtslCFnWffcczPmDHKABiOinZTpByfvqrEjBYBYqtGRraMwfxaJ7Jpink5y3faaZ0A9XquhL1bB/DFuVvQ5QC+oWm9Z+Ze9FNZiR+R9h1eghzMi9gAxvJky+KqS0lwbpv0Fh3sFOOu8ClaqoEX4BL6S5wnvPzNMAHoZEb5+H8=
  ;
Mime-Version: 1.0 (Apple Message framework v752.3)
In-Reply-To: <568753d90710101126m1a300c7l52891e5399a34ac6@mail.gmail.com>
References: <a32f6b020710091210i245c6d97p7555371116be1252@mail.gmail.com>
 <d45b08f00710091321nf021b8cj1958c2882050761@mail.gmail.com>
 <DD75C44E-161F-4C96-88FE-C396E9127439@yahoo.com>
 <a32f6b020710091425l19510497k588ccc3fda4206fd@mail.gmail.com>
 <568753d90710101126m1a300c7l52891e5399a34ac6@mail.gmail.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <32BB7075-488C-4ADB-B2AD-CD6E2A17A5A8@yahoo.com>
Content-Transfer-Encoding: 7bit
From: David Jencks <david_jencks@yahoo.com>
Subject: Re: [ApacheDS] Configuration of protocols
Date: Wed, 10 Oct 2007 12:08:46 -0700
To: "Apache Directory Developers List" <dev@directory.apache.org>


On Oct 10, 2007, at 11:26 AM, Enrique Rodriguez wrote:

> On 10/9/07, Alex Karasulu <akarasulu@apache.org> wrote:
>> On 10/9/07, David Jencks <david_jencks@yahoo.com> wrote:
>>> NTP is pretty darn simple and I'm going to code up a couple of
>>> examples using it so we can better see what we are talking about.
>>
>> NTP is simple and one of the reasons why I picked it for the  
>> example.  Also
>> as you
>> say it can be used for a simple experiment to see the impact of  
>> what we want
>> to do
>> without a massive investment in time.
>
> On 10/9/07, Alex Karasulu <akarasulu@apache.org> wrote:
>> On 10/9/07, David Jencks <david_jencks@yahoo.com> wrote:
>>> NTP is pretty darn simple and I'm going to code up a couple of
>>> examples using it so we can better see what we are talking about.
>>
>> NTP is simple and one of the reasons why I picked it for the  
>> example.  Also
>> as you
>> say it can be used for a simple experiment to see the impact of  
>> what we want
>> to do
>> without a massive investment in time.
>
> I agree that the issue isn't just NTP, but coming up with a way to do
> this so that grokking all the protocols is easier.  UDP vs.TCP is more
> of an issue with DNS and Kerberos (including Change Password).
>
> For some history, these protocols were written with OSGi's
> Configuration Admin in mind, with config in the DIT.  This worked with
> the old Oscar/Maven 1 build.  A Config Admin ManagedServiceFactory
> could produce listeners between any IP endpoint and any subtree in the
> DIT (for DNS records or Kerberos principals), a bit like Jetty allows
> you to have multiple listeners.  Whether it is UDP vs. TCP is handled
> in the MINA codec factory, which can switch based on UDP vs. TCP.
> Incidentally, this is why the XxxServer classes have lifecycle, like
> destroy# and isDifferent#, because it was meant to handle dynamic
> config changes propagating out of the DIT.
>
> To Emm's question, the main consideration of UDP vs. TCP is whether
> the size of the message is pre-pended to the message when using TCP.
> DNS has a truncation bit to set but I can't recall any of the
> protocols having any other different processing with UDP vs. TCP.
>
> IMO, it's just simpler to have one configuration and whether its UDP
> or TCP depends on what you connect it to with MINA and the codec
> factory handles the pre-pended size.
>
> Of course, with the fixed nature of the config XML, there may be
> little difference between two configs or one with a property to switch
> UDP vs. TCP.  I'm glad David committed something since it may makes
> things clearer w.r.t. how to proceed.
>
> Also, I was happy to read, after seeing the commits, that
> "DirectoryService" and "ApacheDS" deps were to come out of the
> protocols.  There shouldn't be any reason these protocols couldn't run
> on alternate backends.  I see this as mostly good programming practice
> but it also could aid in attracting committers, if there were more
> ways to use these protocols then only with ApacheDS.  No one should be
> prevented from, say, backing them with OpenDS, again because its good
> decoupling, but also since it would be better overall for attracting
> committers/users.  Not to mention that it's nice to be able to test
> against an in-memory HashMap-based store, since you can test the
> entire protocol workflow much faster than even with FastXxxITest.
> Also, Kerberos was originally written backed by JNDI to OpenLDAP and,
> who knows, that could be a config someone is interested in.

One point I definitely want your (and everyone elses) opinion on is  
the change I made to a couple of the stores for kerberos/ 
changePassword and (about to be committed) dns.  I converted the jndi  
based store implementations to use DirectoryServer directly.  I think  
this is a good idea for use with apacheds but I wondered if we should  
preserve the old jndi-based implementatiions for use with other ldap  
backends.

thanks
david jencks
>
> HTH,
>
> Enrique