directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <>
Subject Re: JNDI vs protocol vs Core API
Date Sat, 27 Sep 2008 03:25:49 GMT
On Fri, Sep 26, 2008 at 8:36 PM, Emmanuel Lecharny <>wrote:

> Alex Karasulu wrote:
>> Emmanuel,
>> On Fri, Sep 26, 2008 at 2:01 PM, Emmanuel Lecharny <
>> >wrote:
>> Now, the problem is that for referrals, as we have also removed the
>>> ReferralInterceptor from the core server (a very good move, when you take
>>> the time to think about it - and it took me two hours of discussion with
>>> Alex to get it -), you have a new problem : where do we have to handle
>>> referrals ?
>> Question is for what purpose do you want to handle referrals.  There are
>> two
>> ways to handle referrals:
>> (1) Through the protocol
>> (2) Via the JNDI Provided based on how JNDI is expected to behave with
>> different values for the Context.REFERRAL property in the environment:
>> throw, ignore, follow.
> well, I don't think we should see the referral handling this way. IIf you
> see it from another perspective, ie, from the user POV, a referral is just
> an indirection. Now, the way the server manage it is pretty much a black box
> for the client, as soon as the client is informed that the entry is not
> present in the server. If you consider that you want to embed the server,
> but without using JNDI, you are in a dead end.

I don't think we're in a dead end.  It's up to the user of the CoreSession
and Entry interfaces to determine what to do with the referral if they don't
want to use the JNDI wrapper.  It's that simple.

What more do you think needs to be done?  For example if you do a lookup

    session.lookup( "ou=People,dc=foo" )

and dc=foo is a referral to dc=bar but ou=People does not exist.  In this
case what exception do you throw? Something telling you the entry does not
exist or an exception stating a referral needs to be handled? If you want
referral handling to occur here in CoreSession methods then, the exception
thrown will depend on the presence of the ManageDsaIT control's presence.

If you don't implement referral handling here then upper levels must check
with the ReferralManager to see if the dn of the missing entry has a
referral ancestor.  I guess this is a good argument to implement some
minimal referral handling in the CoreSession then.

What does the Netscape API do?  Maybe that may shed some light.

>>> The first idea was to move it to the protocol layer. So be it. But the
>>> problem is that the JNDI referral handling was not anymore done (and as a
>>> consequence, the associated tests were disabled, until the JNDI provider
>>> was
>>> fixed to handle those referrals).
>>> I'm currently re-implementing the Referral handling in this JNDI layer,
>>> but
>>> I suddenly discovered that this was not a good idea *at all*. And so was
>>> the
>>> initial idea to implement the referrals handling into the protocol layer.
>>> We
>>> now have 3 places where we must implement this process :
>>> - in the protocol layer
>>> - in the JNDI provider
>>> - and in the CoreSession layer.
>>> Bad...
>> I don't think it should be done in the CoreSession.  The CoreSession
>> should
>> just provide an interface to perform operations against entries.  I think
>> all entries should be treated the same with respect to this interface.
Starting to think otherwise now.

> That's fine, but then we have to add a thin layer on top of the CoreSession
> (be it the Operation manager or anything else, it's just something which
> will handle the referrals, when the plain entry is returned back, if it
> contains the Referral ObjectClass)). Otherwie, we will have to handle it in
> two places instead of one (ie, in the protocol and in JNDI).
>> If code needs to do something different because the entry is a referral
>> it's
>> up to that code to do so.
> so the need of another layer on top of the CoreSession
>> Referral handling is different depending on whether the protocol is
>> handling
>> it or whether the JNDI provider is handling it.
> In fact, if you abstract yoruself from the e=semantic, there is not that
> much a difference : either the referral is ignored, and we return the plain
> entry (=> ManageDsaIt is present _or_ the property is set to Ignore), or we
> want to be redirected, and we want the underlying server to give us the URL
> to go to (ManageDsaIt is not present _or_ the property is set to 'throw').
> The last case (the property is set to follow) is pretty much the same,
> except that the server will automatically send a request to the other server
> (and we don't handle this case anyway)
>> The reason why I separated
>> these is because the concepts were getting mixed together and JNDI was
>> contaminating the server.
> Removing those aspects from the server was a perfect move. But I think we
> can do better than adding handlers for referrals in both JNDI and protocol
> code. This is the reason why I posted this mail.
>>> So here is what I suggest : we should handle referrals into the
>>> CoreSession
>>> layer, and deal with the thrown exceptions (LdapReferralExceptio,
>>> LdapPartialResultException, etc) into the JNDI and protocol layer,
>>> otherwise, we will do the job three times (and it's not a funny job ...)
>>> thoughts ?
>> We could do this but these exceptions are JNDI specific.  They've been
>> defined to deal with a specific JNDI referral handling mode (throw
>> specifically).
> IMO, 'follow' is the JNDI exception, not throw. And we don't handle the
> 'follow' anyway :)
>> Then the protocol handler code would need to change to
>> understand these JNDI specifics.
>> Perhaps we should just not deal with referrals at all in the CoreSession.
>> Just add it to the JNDI provider for it's specific modes.
> That's also an option, but I'm afraid that may limit the embedded version
> of the server.
>> My mindset my be wrong (and at times I do doubt it) but I feel the core
>> API
>> is purely a local access API to initialize and manipulate the DIT and its
>> entries.
> I agree fully. The core should only return pure entries, not dealing with
> referrals as if they were special. But the layer on top of it must deal with
> referrals. The JNDI provider must do it, and my idea is to delegate this
> part to an intermediate layer, like :
> client --> JNDI --> server API --> referral layer --> core --> ...
> or
> client --> server API --> referral layer --> core --> ...
>   It does not deal with following referrals since this would go over
>> the network.  It does not deal with referrals as special entries since
>> this
>> is the responsibility of higher layers which deal with referrals in
>> different ways.
>>> PS: don't be too picky with the names I'm using (like CoreSession is not
>>> really the API we have built), but I'm sure that Alex can correct me. I
>>> think however that the general picture is ok.
>> Yeah just great - I understood easily what you meant.  I think reuse is
>> good
>> and I can certainly see how putting some referral handling functionality
>> into the CoreSession is very tempting.  As coders we always want to reuse
>> and that's good.  However sometimes reuse causes more problems than it is
>> worth.
> hence my email ;)
>>  I think this is a good example for that kind of situation.  Also
>> sometimes we want to add additional functionality because it seems to make
>> sense to have a richer interface that handles more cases.  However more
>> complex interfaces are harder to work with as bricks to build other
>> interfaces when their rich features start to get in the way.
> I think that the core session interface should not be modified. But we may
> need another thin layer on top of it. Maybe.
>> <snip/>Then the referral handling code,
>> whether in the protocol provider or in the JNDI provider, has a much
>> easier
>> task.  The respective code is clean and shows clearly the policy of how
>> referrals are handled in their respective layers.
> this is the key : do we have to handle referrals in those two layers
> (protocol an JNDI) when we could manage it in an intermediate layer ? I
> think this is possoble. More than that, I think this can also be the seed
> for a new API which will replace the current JNDI API for those who would
> like to embed the server without being stuck into JNDI or to go through the
> protocol layer.

Ok another layer will get confusing so you're probably right that we should
put it into CoreSession.


View raw message