Posted to dev@directory.apache.org by Adison Wongkar <ad...@vergenet.com> on 2005/02/10 21:10:48 UTC
ApacheDS features & collaboration

Hi Alex, everyone,

Endi and I want to join effort in this ApacheDS project. We are
brainstorming in terms of the features we can contribute and collaborate.

Features we think we can contribute:
- Schema parser: we have a parser to read *.schema files, based on javacc.
- Virtual directory/LDAP proxy

Features we think we are interested to collaborate on:
- SSL protocol
- Trigger
- Transaction
- ACL (static/dynamic)
- Implement RootDSE (meta information)
- Extended operation (?)

Cheers,
Adison

Re: ApacheDS features & collaboration
Posted by Enrique Rodriguez <er...@apache.org>.
Adison Wongkar wrote:
> Hi Alex, everyone,
>
> Endi and I want to join effort in this ApacheDS project. We are
> brainstorming in terms of the features we can contribute and collaborate.
>
> Features we think we can contribute:
> - Schema parser: we have a parser to read *.schema files, based on javacc.
> - Virtual directory/LDAP proxy
>
> Features we think we are interested to collaborate on:
> - SSL protocol
> - Trigger
> - Transaction
> - ACL (static/dynamic)
> - Implement RootDSE (meta information)
> - Extended operation (?)

This is great. From the Kerberos/security perspective, things I'd like
to see/collaborate on, related to your list:

- Virtual directory

One potential (big) user would like to augment an existing LDAP
infrastructure with the ApacheDS for the Kerberos. When I originally
wrote the Kerberos server, I backed it with OpenLDAP via SASL/GSSAPI so
that code is still available. But, it would be way cleaner to implement
this not as a Kerberos store, but deeper in the back-end, possibly (as
you mentioned once) in the Interceptor service chain. Either way, it is
virtual directory functionality.

- SSL protocol

Of course, with the crown jewels of a company in the ApacheDS, high QoP
is key. And some companies will want SSL. But, I'd like to see
SASL/GSSAPI for the LDAP protocol, specifically GSSAPI/Kerberos. This
is more like how AD works and M$ makes it easy to do by adding servers
to domains with wizards and such. Unfortunately, the setup and
configuration in the OSS world has not been that easy, so I think it is
rarely done to the point of people not knowing it is even possible.

-enrique

>
> Cheers,
> Adison