directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pierre-Arnaud Marcelot>
Subject Re: Status...
Date Wed, 03 Apr 2013 15:23:00 GMT
Thanks Jeff.

I did look at that before working on it.
But, as far as I remember it was requiring a more recent version of Eclipse (3.5 maybe, I
don't remember exactly) than what we currently support (3.3 I guess).
So the API is not available.

The fact that you don't need to provide a password to read the data is interesting and that's
exactly why I chose to make this optional in Studio.
I really think most of our users don't want to be asked a password when connecting to a server.
But for people dealing with very sensitive server connection, the passwords keystore is a
must have.


On 3 avr. 2013, at 17:10, Jeff MAURY <> wrote:

> Please note that Eclipse provides such a functionality out of the box. The secure storage
is managed by Eclipse and you just need to save your sensitive configuration data (password).
There is no need to provide a password when reading the data (at least on Windows at Eclipse
has an integration with the Windows authentication layer).
> I have used it in my Eclipse based product, and for security reasons, I choose to make
it non optional.
> Jeff
> On Wed, Apr 3, 2013 at 10:43 AM, Pierre-Arnaud Marcelot <> wrote:
> Very interesting things.
> Thanks Emmanuel and Kiran for your hard work on all that and sharing it with us. :)
> On my side, I worked on fixing important bug fixes for issues that were mainly introduced
in the last release of Apache Directory Studio.
> A release is ready, but I don't know if I should wait for a new release of ApacheDS (fixing
the bugs we have around password policies and stuff like that) or release Studio ASAP (and
eventually release another version when ApacheDS is fixed)
> You tell me what's best. ;-)
> In the past week, I've been working on a interesting and very important feature for Apache
Directory Studio: secure storage of connections passwords into a password-protected keystore.
> At the moment, when you check the "Save password" checkbox in the properties of a connection,
that password gets saved in the connections file alongside other parameters like host, port,
> The problem is that the password is saved in clear text in the file and that could be
an issue for some users.
> So, the idea is to have an option (disabled by default) in Apache Directory Studio to
save the passwords of the connections in a keystore protected by a "master password". This
password would be asked when accessing the password of a connection (opening a connection
for example).
> This is a very low-level addition in Studio's code and a very sensitive refactoring,
so I'm extra cautious here.
> I really think we can't release a 2.0 version of Studio without this kind of functionality.
It's really a must-have.
> Regards,
> Pierre-Arnaud
> On 2 avr. 2013, at 19:53, Emmanuel L├ęcharny <> wrote:
> > Hi guys,
> >
> > it was two tough weeks, with merely no work on the server... But still,
> > we made some progress on some side projects critical to ApacheDS. Let me
> > provide some headsup.
> >
> > 1) We are making progress on Mavibot. Mavibot is the backend replacement
> > for JDBM. Currently, we are able to manage the additions, deletions and
> > modifications in it. The performances are good, assuming the right page
> > size/nb of elements per page are correctly set (up to 13 000 updates per
> > second). The searches are blasting fast : 1 600 000 lookup per second.
> >
> > Kiran has added support for multiValues in it, and is currently testing
> > a partition for mavibot. I let him giving some feedback on this part,
> > but I'm quite exited !
> >
> > We have a lot to do, still. We currently never remove any revision, so
> > the file keeps growing after each modification. Kiran is working on a
> > bulk load mechanism. I'm working on a mechanism that reclaim the pages
> > that are not anymore in use.
> >
> > We will have to add a way to access the old revisons too and I'm
> > currently working on that. This will allow us to get rid of the
> > ChangeLog system, as it will now be just a matter to switch to an old
> > revision to get back to the previous data set. That will make the test
> > way faster !
> >
> > I expect to have Mavibot completed by the end of april.
> >
> > 2) MINA 3 is also on its way, and sounds promizing. It's already 50%
> > faster than MINA2, which is a huge gap. I hope to be able to build a
> > working prototype based on MINA 3 by the end of april too.
> >
> > 3) In the mean time, I think we can get a 2.0-RC1 released. We have
> > fixed some serious bugs lately, and I don't think we will add new
> > features in this version.
> >
> > All in all, I think that once 2.0 will be out, we will be able to switch
> > to Mavibot backend and MINA 3, to get way better performances.
> >
> > 4) The documentation
> >
> > It *absolutely* sucks :/ I have tried to improve the Kerberos
> > documentation last month, it was a lot of work, as the kerberos server
> > was also quite buggy. There is a lot to do, since we switched to the new
> > system last year, we haven't made a lot of progress in this area. This
> > is true for the server but also for the API. I can't seriously see how
> > we can get a 2.0-GA if the documentation is not improved in one way or
> > another... It's useless to have a fast and working server, if no one
> > know how to use it :/
> >
> > That's pretty much it, Kiran, feel free to complete this mail.
> > Pierre-Arnaud, sorry if I haven't mentionned what you have done on
> > Studio, so please, feel free to add your progress !
> >
> > Many thanks guys !
> >
> > --
> > Regards,
> > Cordialement,
> > Emmanuel L├ęcharny
> >
> >
> -- 
> Jeff MAURY
> "Legacy code" often differs from its suggested alternative by actually working and scaling.
>  - Bjarne Stroustrup

View raw message