directory-dev mailing list archives

From Emmanuel Lecharny <elecha...@gmail.com>
Subject Question about the configuration layout
Date Wed, 13 Oct 2010 00:40:33 GMT
  Hi guys,

as I was writing the configuration documentation, based on the way we 
initialize the server, I went through the objectClasses we use to define 
the configuration for each element. That raised a question in my mind :
- why don't we link the elements together ?

Right now, we expect some code to put the glue between those elements 
(ie the LdapServer OC does not contain any AT defining the DS to use, 
the DS does not contain the list of Partitions it uses, etc). Wouldn't 
it be better to add some AT in each element to completely define, say, 
the LdapServer configuration from the LdapServer entry, following the 
contained ATs ?

One more thing : we should probably define an Abstract ads-oc OC 
containing the 'description' and 'ads-enabled' elements, which are 
present in all the OCs ? I propose such an OC to handle this information :

*A[ads-base]
   m-may: description
   m-may: ads-enabled

I have gathered all the existing OC with their MAY and MUST ATs, and 
listed them here. The A[xxx] notation describes an ABSTRACT OC. The --> 
notation defines a hierarchical relation between 2 OCs (ie OC2 --> OC1 
means that OC1 is the SUP in OC2). The * notation means that we may have 
from 0 to N distinguishedName in an AT. The ATs pointing to other ads 
OCs are also noted.

With a little effort, I also think that reading such a hierarchy, we 
could automatically generate the beans using introspection, instead of 
writing a reader for each of those elements.

Thoughts ?

A[ads-base]
   m-may: description
   m-may: ads-enabled

ads-directoryService --> ads-base
   m-must: ads-directoryServiceId
   m-must: ads-dsReplicaId
   m-may: ads-dsAccessControlEnabled
   m-may: ads-dsAllowAnonymousAccess
   m-may: ads-dsChangeLog : distinguishedName (points to ads-dsChangeLog)
   m-may: ads-dsDenormalizeOpAttrsEnabled
   m-may: ads-dsJournal : distinguishedName (points to ads-dsJournal)
   m-may: ads-dsMaxPDUSize
   m-may: ads-dsPasswordHidden
   m-may: ads-dsReplication : distinguishedName (points to ads-dsReplication)
   m-may: ads-dsSyncPeriodMillis
   m-may: ads-dsTestEntries
   m-must: ads-interceptors* : distinguishedName (points to ads-interceptor)
   m-must: ads-systemPartition : distinguishedName (points to ads-partition)
   m-may: ads-partitions* : distinguishedName (points to ads-partition)
   m-may: ads-replicationProvider : distinguishedName (points to ads-replProvider)
   m-may: ads-replicationConsumer : distinguishedName (points to ads-replConsumer)
   m-may: ads-passwordPolicy : distinguishedName (points to pwdPolicy)

ads-dsChangeLog --> ads-base
   m-may: ads-changeLogEnabled
   m-may: ads-changeLogExposed

ads-dsJournal --> ads-base
   m-must: ads-journalFileName
   m-may: ads-journalWorkingDir
   m-may: ads-journalRotation
   m-may: ads-journalEnabled

ads-interceptor --> ads-base
   m-must: ads-interceptorId
   m-must: ads-interceptorOrder
   m-must: ads-interceptorClassName

A[ads-partition] --> ads-base
   m-must: ads-partitionId
   m-must: ads-partitionSuffix
   m-may: ads-partitionSyncOnWrite

ads-jdbmPartition --> ads-partition
   m-may: ads-partitionCacheSize
   m-may: ads-jdbmPartitionOptimizerEnabled
   m-may: ads-jdbmIndexes* : distinguishedName (points to ads-jdbmIndex)

A[ads-index] --> ads-base
   m-must: ads-indexAttributeId

ads-jdbmIndex --> ads-index
   m-may: ads-indexFileName
   m-may: ads-indexWorkingDir
   m-may: ads-indexNumDupLimit
   m-may: ads-indexCacheSize

A[ads-transport] --> ads-base
   m-must: ads-transportId
   m-must: ads-systemPort
   m-may: ads-transportAddress
   m-may: ads-transportBacklog
   m-may: ads-transportEnableSSL
   m-may: ads-transportNbThreads

ads-tcpTransport --> ads-transport

ads-udpTransport --> ads-transport

A[ads-server] --> ads-base
   m-must: ads-serverId
   m-must: ads-transports* : distinguishedName (points to ads-transport)

A[ads-catalogBasedServer] --> ads-server
   m-may: ads-serverDS
   m-may: ads-searchBaseDN

ads-ldapServer --> ads-catalogBasedServer
   m-may: ads-ldapServerConfidentialityRequired
   m-may: ads-ldapServerMaxSizeLimit
   m-may: ads-ldapServerMaxTimeLimit
   m-may: ads-ldapServerSaslHost
   m-may: ads-ldapServerSaslPrincipal
   m-may: ads-ldapServerSaslRealms
   m-may: ads-ldapServerKeystoreFile
   m-may: ads-ldapServerCertificatePassword
   m-may: ads-replProviderImpl
   m-may: ads-enableReplProvider
   m-may: ads-saslMechHandlers* : distinguishedName (points to ads-ldapServerSaslMechanismHandler)
   m-may: ads-extendedOps* : distinguishedName (points to ads-ldapServerExtendedOpHandler)

ads-kerberosServer --> ads-catalogBasedServer
   m-may: ads-krbAllowableClockSkew
   m-may: ads-krbEncryptionTypes
   m-may: ads-krbEmptyAddressesAllowed
   m-may: ads-krbForwardableAllowed
   m-may: ads-krbPaEncTimestampRequired
   m-may: ads-krbPostdatedAllowed
   m-may: ads-krbProxiableAllowed
   m-may: ads-krbRenewableAllowed
   m-may: ads-krbKdcPrincipal
   m-may: ads-krbMaximumRenewableLifetime
   m-may: ads-krbMaximumTicketLifetime
   m-may: ads-krbPrimaryRealm
   m-may: ads-krbBodyChecksumVerified

ads-dnsServer --> ads-catalogBasedServer

ads-dhcpServer --> ads-catalogBasedServer

ads-ntpServer --> ads-server

ads-changePasswordServer --> ads-catalogBasedServer
   m-may: ads-krbAllowableClockSkew
   m-may: ads-krbEmptyAddressesAllowed
   m-may: ads-krbEncryptionTypes
   m-may: ads-krbPrimaryRealm
   m-may: ads-chgPwdPolicyCategoryCount
   m-may: ads-chgPwdPolicyPasswordLength
   m-may: ads-chgPwdPolicyTokenSize
   m-may: ads-chgPwdServicePrincipal

ads-ldapServerSaslMechanismHandler --> ads-base
   m-must: ads-ldapServerSaslMechName
   m-must: ads-ldapServerSaslMechClassName
   m-may: ads-ldapServerNtlmMechProvider

ads-ldapServerExtendedOpHandler --> ads-base
   m-must: ads-ldapServerExtendedOpHandlerClass
   m-must: ads-Id

ads-httpWebApp --> ads-base
   m-must: ads-httpWarFile
   m-must: ads-id
   m-may: ads-httpAppCtxPath

ads-httpServer --> ads-base
   m-must: ads-serverId
   m-may: ads-systemPort
   m-may: ads-httpConfFile

ads-replConsumer --> ads-base
   m-must: ads-dsReplicaId
   m-must: ads-replAliasDerefMode
   m-must: ads-searchBaseDN
   m-must: ads-replLastSentCsn
   m-must: ads-replSearchScope
   m-must: ads-replSearchFilter
   m-may: ads-replRefreshNPersist
   m-may: ads-replUseTls
   m-may: ads-replStrictCertValidation
   m-may: ads-replPeerCertificate

ads-replProvider --> ads-base
   m-must: ads-dsReplicaId
   m-must: ads-searchBaseDN
   m-must: ads-replProvHostName
   m-may: ads-replAliasDerefMode
   m-may: ads-replAttribute
   m-may: ads-replProvPort
   m-may: ads-replRefreshInterval
   m-may: ads-replRefreshNPersist
   m-may: ads-replSearchScope
   m-may: ads-replSearchFilter
   m-may: ads-replSearchSizeLimit
   m-may: ads-replSearchTimeOut
   m-may: ads-replUserDn
   m-may: ads-replUserPassword
   m-may: ads-replCookie

pwdPolicy --> ads-base
   m-must: pwdAttribute
   m-may: pwdMinAge
   m-may: pwdMaxAge
   m-may: pwdInHistory
   m-may: pwdCheckQuality
   m-may: pwdMinLength
   m-may: pwdMaxLength
   m-may: pwdExpireWarning
   m-may: pwdGraceAuthNLimit
   m-may: pwdGraceExpire
   m-may: pwdLockout
   m-may: pwdLockoutDuration
   m-may: pwdMaxFailure
   m-may: pwdFailureCountInterval
   m-may: pwdMustChange
   m-may: pwdAllowUserChange
   m-may: pwdSafeModify
   m-may: pwdMinDelay
   m-may: pwdMaxDelay
   m-may: pwdMaxIdle

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
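
Added example, not part of the original message and not ApacheDS code: a Python parser for the notation the message describes (A[...] for ABSTRACT, --> for SUP, * for multi-valued, "points to" for DN links) that resolves the attributes an OC inherits and reports links or SUPs that name an undefined OC. The function names `parse`, `effective` and `dangling` are hypothetical, and the sample is a constructed subset of the listing with each entry on one line.

```python
import re
# Constructed sample: a subset of the listing, in the message's notation.
SAMPLE = """\
A[ads-base]
   m-may: description
   m-may: ads-enabled
A[ads-partition] --> ads-base
   m-must: ads-partitionId
   m-must: ads-partitionSuffix
ads-jdbmPartition --> ads-partition
   m-may: ads-jdbmIndexes* : distinguishedName (points to ads-jdbmIndex)
A[ads-index] --> ads-base
   m-must: ads-indexAttributeId
ads-jdbmIndex --> ads-index
"""

HEAD = re.compile(r"^(A\[)?([\w-]+)\]?(?:\s*-->\s*([\w-]+))?$")
ATTR = re.compile(r"^m-(must|may):\s*([\w-]+)(\*)?"
                  r"(?:\s*:\s*\w+\s*\(points to\s+([\w-]+)\))?$")

def parse(text):
    """Map OC name -> abstract flag, SUP, and (kind, name, multi, target) rows."""
    ocs, cur = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        a, h = ATTR.match(line), HEAD.match(line)
        if a and cur is not None:
            cur["attrs"].append((a[1], a[2], bool(a[3]), a[4]))
        elif h and not a:
            cur = ocs[h[2]] = {"abstract": bool(h[1]), "sup": h[3], "attrs": []}
        else:
            raise ValueError(f"unparsed line: {line!r}")
    return ocs

def effective(ocs, name):
    """Rows of `name` plus everything inherited along its SUP chain."""
    rows, seen = [], set()
    while name is not None:
        if name in seen:
            raise ValueError(f"SUP cycle at {name}")
        seen.add(name)
        rows = ocs[name]["attrs"] + rows
        name = ocs[name]["sup"]
    return rows

def dangling(ocs):
    """(oc, attribute, target) for each SUP or pointer naming an undefined OC."""
    refs = [(n, "SUP", o["sup"]) for n, o in ocs.items() if o["sup"]]
    refs += [(n, r[1], r[3]) for n, o in ocs.items() for r in o["attrs"] if r[3]]
    return [ref for ref in refs if ref[2] not in ocs]
```

Running `dangling` over the whole listing is a cheap consistency check before any bean generation: a link to a missing OC would otherwise only surface when the server reads its configuration.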

