directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject System partition removal was Re: [ApacheDS] adding a global trust manager
Date Tue, 23 Oct 2012 09:50:53 GMT
I renamed the thread to avoid any confusion.

Le 10/23/12 11:26 AM, Kiran Ayyagari a écrit :
> On Tue, Oct 23, 2012 at 1:44 PM, Pierre-Arnaud Marcelot <pa@marcelot.net> wrote:
>> Hi Kiran,
>>
>> On 23 oct. 2012, at 08:09, Kiran Ayyagari <kayyagari@apache.org> wrote:
>>
>> Hi All,
>>
>>     I am currently implementing an X509 trust manager that is used for
>> checking client certificates while using TLS for replication.
>>
>>     This trust manager can work in any one of the two modes
>>             1. trust all (default mode)
>>             2. trust only the specified certificates
>>
>>
>> Sounds cool. :)
>>
>>     In the 2 mode trust manager loads a set of certificates stored in
>> DiT under ou=certificates,ou=system (a new branch) [1]
>>
>>
>> Sorry to hijack a little the original topic here, but I think its related.
>> I really think we should get rid of the system partition, it has no use and
>> the only interesting thing it still holds is the default/admin user.
>>
> we discussed about this several times, but later I started to think
> that we should keep it
>
> let me state the reasons that support this in my view:
>
>    o this serves as a play ground for users without having to go
> through the creation of a partition
>       and multiple restarts before he can actually inject an entry and use it

I do agree. If we remove the ou=system partition, then we will have to 
create a new partition for users who want to play with the server, 
without having to create a specific new partition.
>
>    o parts of the system partition comes with default protection using
> ACI and this is also a nice to
>       have in out of the box installation
>
>    o the system partition is very tightly coupled with the internals
> (though _can_ be changed it requires substantial
>       amount of effort)

Especially when it comes to change the many tests depending on it...

But I don't think those two last points are valid : just because we 
depend on a partition which should not have existed at the beginning, we 
should not refrain of thinking about removing it.

Now, the ou=system not only contains the configuration - which could 
(should ?) be in a separate partition - it also stores the ou=groups and 
ou=users branches. I guess many users are storing entries in those 
branches, removing it can impact severely those existing users.

One other thing : the prefNodeName=sysPrefRoot branch can probably be 
removed (see http://osdir.com/ml/dev-directory-apache/2010-05/msg00190.html)
>
>> Everything that is configurable (including the default/admin user) has its
>> place in the configuration partition.
>> That includes the certificates you're talking about.
Certficates are not part of the server configuration, if you except the 
admin user. And here, if the admin user contains its own certificate, 
that's fine.

Maybe we need to have a server certificate, which is not asociated with 
the admin user though...

> other than the feature that it can be edited using a text editor am
> really not comfortable with this
> config LDIF partition, cause it is quite inefficient in the way it
> handles updates, a complete re-write
> after each modification is making it vulnerable to corruption (when I
> try applying an ACI it takes way too long to
> complete and leaves the partition corrupted if the process is killed
> in the middle)
We can differ the update on disk. Before using a LDIF partition, it was 
a JDBM partition. Having a corrupted JDBM partition was even worse := we 
weren't able to fix it at all ! With a LDIF partition, we can still use 
a text editor and fix what has been broken...

Morever, I do think that the performances is not really an issue : we 
don't modify the configuration frequently, and this is not an operation 
you want to do on production before bing sure that you won't break the 
server, I don't really mind if we are at risk to break the server.

In other words : this is an admin task, and the admin must me cautious 
before changing anything... Including backups !
> The point am trying to make is adding certificates to this partition
> makes the backing LDIF file grow in large size
> making any modify operation even more slow.
I agree with that.


>> ATM, the default password is not included in the configuration and it makes
>> it uncomfortable having to first launch the server to be able to edit this
>> value.
> currently the config.ldif is not written to disk unless the server is
> started for the very first time

We can discuss this specific problem in another thread. It would be way 
better if the admin password was not stored in clear anywhere... 
(currently it *is* stored as PLAINTEXT : it would be way better to _at 
least_ stored the hash value of it...)

>> It would be the same thing for those certificates.
>>
> adding a certificate content in an LDIF entry is quite involved, I
> would personally prefer the server to take care
> of it instead of manually encoding and adding in config.ldif

Agreed. Certificates are stored as a byte[], and in LDIF, it's a base64 
value. Note that it's note *taht* complicated to create the LDIF file : 
Studio can do it for you :)
>> I think the configuration partition should really be the place where we
>> store everything that can be configured.
>> Once that's done, the system partition has no reason to exist anymore
>>
>> WDYT?
>>
> hope I have made my view clear in the above lines about keeping the
> system partition :)

I would keep the ou=system partition around atm. It's not a big deal to 
have it, it's convenient for tests, and for users.

I would rather suggest that we remove the ou=configuration,ou=system 
branch, it's most certainly useless.


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com


Mime
View raw message