directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pierre-Arnaud Marcelot ...@marcelot.net>
Subject [Studio] Toughts on ApacheDS Configuration Editor version 2.0 - Comments welcomed
Date Thu, 04 Nov 2010 14:48:46 GMT
Hi Dev,

I'm currently starting to work on the new ApacheDS Configuration Editor for the upcoming Apache
DS 2.0.

Instead of taking the (dead and removed in ApacheDS 2.0) 'server.xml' it used to take in previous
versions of Apache DS, this editor is now intended to read the 'Configuration Partition' of
the new ApacheDS 2.0 version.
The idea is to be able to edit (read and write) the configuration from the 'config.ldif' file
on disk, but also from a running ApacheDS via LDAP operations (under the 'ou=config' partition).

I'd like to propose some ideas around the design of the UI for the editor, and to have your
thoughts about them, in order to make it as usual as possible.

First, the new editor will inherit a lot of things from the current one. Especially, its layout,
with a tab based editor.

After a look at the current configuration partition implementation, here are the tabs I have
identified:
- Overview
- LDAP(S) Server
- Kerberos Server
- Partitions
- Password Policy
- Replication
- Options

I excluded the configuration of the Interceptor Chain on purpose. I really think that it's
an internal configuration the end-users should not be dealing with, but that can be inferred
from the other configuration. Like, for example, if the Kerberos Server is enabled, we know
that the KeyDerivation interceptor must be added to the interceptor chain at a particular
location in it, and the editor will do that for the user under the hood when the 'Enable Kerberos
Server' button is pressed.

Same thing for Extended Operation Handlers.

At the moment, DNS, DHCP and NTP server configurations are excluded from the editor, given
their current state in development and testing, as well as the value for our users to be able
configure such servers (I'm not really they come to ApacheDS for this sets of features).


In the following paragraphs I'll go into more details for each individual tab:

-> Overview Tab
----------------------

This tab is intended to allow a quick access to the most essential and useful settings.
We'll have widgets to enable LDAP(S) or Kerberos Servers, as well as set their listening ports.
We would also have a recap of the most important settings in the other tabs, with the ability
to jump to advanced configuration in each section.


-> LDAP(S) Server
-------------------------

This tab will be used to control the LDAP and LDAPS Servers settings.
Users should be able to enable/disable LDAP and LDAPS independently, as well as specifying
their ports.
They should also be able to:
- enable/disable access control, anonymous access
- choose the supported authentication mechanisms
- set the SASL settings (host, principal, realms, etc)
- set the limits (time limit, size limit, etc)
- keystore, certificate (and when it's migrated to the configuration, the admin's credentials)


-> Kerberos Server
-------------------------

This tab will be used to control the Kerbros Server settings.
Users should be able to enable/disable Kerbros, as well as specifying its port.
The following AT values will also need to be edited via the UI:
- ads-krballowableclockskew
- ads-krbbodychecksumverified
- ads-krbemptyaddressesallowed
- ads-krbencryptiontypes
- ads-krbforwardableallowed
- ads-krbkdcprincipal
- ads-krbmaximumrenewablelifetime
- ads-krbmaximumticketlifetime
- ads-krbpaenctimestamprequired
- ads-krbpostdatedallowed
- ads-krbprimaryrealm
- ads-krbproxiableallowed
- ads-krbrenewableallowed
- ads-searchbasedn

I don't have a particular idea in mind yet on how these settings can be organized in the UI.
If you do, please let me know.


-> Partitions Tab
----------------------

This tab will reuse the existing Partitions Tab of previous editor versions.
It allows the creation, edition and deletion of partitions with their specific properties
(ID, Cache Size, Suffix, Optimizer Enablement, Syncho On Write Enablement and creation, edition
and deletion of Indexed Attributes).
An overview of the existing Partitions Tab can be seen at this URL:
http://directory.apache.org/studio/static/users_guide/apacheds_configuration/configuration_editor_1.5.5_partitions.html


-> Password Policy Tab
--------------------------------

This will be used to define all settings related to the password policy sub-system.
The user will be able to enable/disable it, and edit the following AT values via the UI:
- ads-pwdattribute
- ads-enabled: true
- ads-pwdallowuserchange
- ads-pwdcheckquality
- ads-pwdexpirewarning
- ads-pwdfailurecountinterval
- ads-pwdgraceauthnlimit
- ads-pwdinhistory
- ads-pwdlockout
- ads-pwdlockoutduration
- ads-pwdmaxage
- ads-pwdmaxfailure
- ads-pwdminage
- ads-pwdminlength
- ads-pwdmustchange
- ads-pwdsafemodify

Again, I need to see how these things could be regrouped and organized.
If you already have ideas.


-> Replication Tab
-------------------------

This tab will be used to define all settings related to the replication sub-system.
I'm waiting on you guys to tell me what and how replication should be configured.
I'm not even sure we have a working configuration for this already.


-> Options Tab
--------------------

This tab will be dedicated to more general and technical settings like:
- denormalization of operational attributes
- max PDU size
- synchronization period
- journal (location, filename, rotation)
- changelog
We could also put the configuration of the embedded HTTP server and webapps in there.


Thoughts?

Regards,
Pierre-Arnaud


Mime
View raw message