directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <elecha...@apache.org>
Subject Re: Replication configuration : second thought
Date Mon, 16 Mar 2009 18:20:36 GMT
Based on the previous elements, let's define what can be the 
configuration, assuming we have one replication subsystem.

consumer :
- replicaId, an int between [0,999] : identify uniquely this consumer
- for each replication peer :
  o type, the replication type (RefreshAndPersist or ResfreshOnly). 
Default to RefreshAndPersist.
  o interval, if type is ResfreshOnly : a hh/mm/ss interval between each 
content polling
  o search base, the base DN to start the search on the producer
  o principal, the principal to use in order to connect on the producer
  o credential, the password to use to connect on the producer

producer :
currently, I see no specific information to set, but it's really a 
preliminary proposal

Regarding the principal/credential information, as the passwords are 
stored crypted using a one-way algorithm, we have to store it in clear. 
This is not very safe. We can think about a better algorithm, like 
encrypting the password using a 2 ways algorithm, but that means we have 
to store a key on the server, which is a breach too. There is no free 
lunch ...

I'm going to implement this configuration on the replication branch.

feel free to comment, and don't really care about the breakage that can 
introduce in the code I will commit  : it's just there as a starting 
point, nothing more.

Thanks !

-- 
--
cordialement, regards,
Emmanuel L├ęcharny
www.iktek.com
directory.apache.org



Mime
View raw message