Posted to dev@directory.apache.org by Adison Wongkar <ad...@vergenet.com> on 2005/02/10 21:10:48 UTC

ApacheDS features & collaboration

Hi Alex, everyone,

Endi and I want to join effort in this ApacheDS project. We are
brainstorming in terms of the features we can contribute and collaborate on.

Features we think we can contribute:
- Schema parser: we have a parser to read *.schema files, based on javacc. 
- Virtual directory/LDAP proxy

Features we think we are interested in collaborating on:
- SSL protocol 
- Trigger
- Transaction
- ACL (static/dynamic)
- Implement RootDSE (meta information)
- Extended operation (?)

Cheers,
Adison


Re: ApacheDS features & collaboration

Posted by Enrique Rodriguez <er...@apache.org>.
Adison Wongkar wrote:
> Hi Alex, everyone,
> 
> Endi and I want to join effort in this ApacheDS project. We are
> brainstorming in terms of the features we can contribute and collaborate on.
> 
> Features we think we can contribute:
> - Schema parser: we have a parser to read *.schema files, based on javacc. 
> - Virtual directory/LDAP proxy
> 
> Features we think we are interested in collaborating on:
> - SSL protocol 
> - Trigger
> - Transaction
> - ACL (static/dynamic)
> - Implement RootDSE (meta information)
> - Extended operation (?)

This is great.  From the Kerberos/security perspective, things I'd like 
to see/collaborate on, related to your list:

- Virtual directory

One potential (big) user would like to augment an existing LDAP 
infrastructure with the ApacheDS for the Kerberos.  When I originally 
wrote the Kerberos server, I backed it with OpenLDAP via SASL/GSSAPI so 
that code is still available.  But, it would be way cleaner to implement 
this not as a Kerberos store, but deeper in the back-end, possibly (as 
you mentioned once) in the Interceptor service chain.  Either way, it is 
virtual directory functionality.

- SSL protocol

Of course, with the crown jewels of a company in the ApacheDS, high QoP 
is key.  And some companies will want SSL.  But, I'd like to see 
SASL/GSSAPI for the LDAP protocol, specifically GSSAPI/Kerberos.  This 
is more like how AD works and M$ makes it easy to do by adding servers 
to domains with wizards and such.  Unfortunately, the setup and 
configuration in the OSS world has not been that easy, so I think it is 
rarely done to the point of people not knowing it is even possible.

-enrique

> 
> Cheers,
> Adison