directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <>
Subject Re: Question about the configuration layout
Date Wed, 13 Oct 2010 08:33:52 GMT
On Wed, Oct 13, 2010 at 1:47 PM, Emmanuel Lecharny <> wrote:
>  On 10/13/10 9:22 AM, Kiran Ayyagari wrote:
>> On Wed, Oct 13, 2010 at 6:10 AM, Emmanuel Lecharny<>
>>  wrote:
>>>  Hi guys,
>>> as I was writing the configuration documentation, based on the way we
>>> initialize the server, I went through the objectClasses we use to define
>>> the
>>> configuration for each element. That raised a question in my mind :
>>> - why don't we link the elements together ?
>> to simply put it it makes creating any new configuration element
>> a bottom-up approach rather than top-down, for ex.
>> to configure an LdapServer instance, the user needs to define
>> its containments like transports, extended handlers and sasl mechanisms
>> first
>> and then take these DNs and add them to the LdapServer config entry for
>> linking.
>> (the other approch is to add some non-existing DNs first and later remove
>> it)
> You aren't forced to define any of the containments if you don't want to.
> Just put nothing in the DN referencing sub-elements.
then let us void this feature to link DNs, they will be abused by
users the day they realize that
this is allowed
> The thing is that in order to have a LDAPServer working, you *have* to
> define all the sub-elements anyway...
>> IMHO, I find this really complex, OTOH using this 'linking option'
>> user *might* spread
>> the config across the partition instead of under a single container
> I see your point. But the pointers may also help to grab the entries (no
> need to do a search, a lookup will be just enough). Plus note that DSR (once
> we have implemented it) may force the elements to be stored one level under
> their container. At least, this would be explicit, instead of being coded.
>>> Right now, we expect some code to put the glue between those elements (ie
>>> teh LdapServer OC does not contain any AT defining the DS to use, the DS
>>> does not contain the list of Partitions it uses, etc).
>> I would see it this way, it actually enforces a configuration policy that
>> any configurable container(e.x DS, LdapServer etc) object's
>> configuration should be present
>> *in* and *under* the associated container ldap entry
>> so all the configuration related to DS will be in and under the entry with
>> DN
>> ads-directoryServiceId=default,ou=config
>> the way we find where the DS is configured is search for
>> (ads-directoryServiceId=default)
>> at ONE level scope and we know that the entire configuration related
>> to DS is present
>> in and under this returned entry
> DSR is the way to go, IMO. But maybe we don't need the links. It 's just
> that we may be able to generate the accessor automatically from the entries
> if we have the links, when we have to do that by hand without them.
>>> Wouldn't it be better
>>> to add some AT in each elements to completely define, say, the LdapServer
>>> configuration from the LdapServer entry, following the contained ATs ?
>> IMHO, I don't think so
> Better, not better, I would say easier instead. Again, from the code
> generation of the accessors POV.
>>> One more thing : we should probably define an Abstract ads-oc OC
>>> containing
>>> the 'description' and 'ads-enabled' elements, which are present in all
>>> the
>>> OCs ? I propose such an OC to handle those informations :
>>> *A[ads-base]
>>>  m-may: description
>>>  m-may: ads-enabled
>> +1, this will really make the config more concise and we can add other
>> common ATs that
>> we are talking about like 'comment' that will allow users to add some
>> comments in the config
>> elements
> I will add this guy.
>>> I have gathered all the existing OC with there MAY and MUST ATs, and
>>> listed
>>> them here. The A[xxx] notation describes an ABSTRACT OC. The -->
>>>  notation
>>> defines a hierarchical relation between 2 OCs (ie OC2 -->  OC1 means that
>>> OC1
>>> is the SUP in OC2). The * notation means that we may have from 0 to N
>>> distinguishedName in an AT. The ATs pointing to other ads OCs are also
>>> noted.
>>> With a little effort, I also think that reading such a hierarchy, we
>>> could
>>> automatically generate the beans using introspection, instead of writing
>>> a
>>> reader for each of those elements.
>> didn't understand completely, but, we need a reader to instantiate the
>> beans
>> and we can also introspect based on the OCs and hierarchy rather than
>> the linked ATs
> Using the OCs, we can generate the Beans (we would need a maven plugin for
> that, not sure it's usefull...) and the reader (probably more useful).
> I would at least say that we should let the reader instanciates the beans
> associated with each Entry automatically using introspection. For instance,
> the OC ads-base will be associate with an AdsBase java class, containing two
> fields :
> - String description
> - boolean adsEnabled
> when we read an Entry which has the ads-base SUP OC, we can call the setter
> for those both fields using the MAY or MUST name :
> - may: ads-enabled -> setAdsEnabled()
> - may: description -> setDescription()
> Then you don't need to write readXXX( DN ) methods at all, this can be
> completely automatic.
hmmm, but how do we perform more strict (hence user friendly) validations if
we generate the code, we need to know each specific bean type and what
do we need to do, no?

> --
> Regards,
> Cordialement,
> Emmanuel Lécharny

Kiran Ayyagari

View raw message