Lightweight LDAP development
With
gn=Emmanuel, sn=L\\C3\\A9echarny, dc=apache, dc=org
Schedule
• ADS presentation
• How to use ADS during development
• ADS Advanced benefits
• Tools
Apache Directory Server Presentation
Part 1
ADS redux (1)
• ADS started in 2002
• 30 committers, 800 KSlocs
• 3 full-time committers
• An active community
• Certified by the OpenGroup
• Used in production
• 2 sub-projects: Studio + TripleSec
ADS redux (2)
• Written in Java
• Embeddable server (used in Geronimo, and other projects)
• Offers features that no other DS has : Triggers, SP, full X500 ACIs...
Our aim : deliver the most open and extensible LDAP server
Using ADS during the development phase
Part 2
LDAP, what for ?
• LDAP is no longer for simple directories
  – core component of Windows (AD)
  – SSO
  – Security, AAA
  – Identity Management
  – RBAC & XACML
  – Radius, Diameter ...
  – Even storage for hierarchical data !
How to test it ?
• LDAP & RDBMS tests :
  – start the database server
  – optionally initialize some data
  – for each test :
    • initialize some more data
    • run a test
    • rollback the data
  – stop the server and clean the base
Writing tests for LDAP using ADS
• ADS is embeddable : no need to have an LDAP environment set up
• ADS can be invoked using JNDI
• ADS is LDAP compliant
• Demo ...
ADS : Ready to test
• We deliver specific classes for tests
• Can be tested without network communication, or with network communication
• This is a unique feature only ADS offers !
(1) Initializing the data
• You can inject a new schema easily
• You can load some data using JNDI code or injecting LDIF files
(2) Launching the tests
• The server must be up and running
• Data must be present
• Test should succeed regardless of execution order
(3) Cleaning the data
• Problem : How do we guarantee that one test does not overlap with another one ?
  – tests must be atomic
  – a standard approach implies that you manually rollback to the previous state.
• What if the test fails ?
Rolling back
• Solution : The server must implement a rollback mechanism
  – When starting a test, a tag is set
  – The test is run with its own data
  – Then we rollback to the initial state
• How ?
  – ChangeLog interceptor !
  – Changes are stored and reverted
@RunWith ( CiRunner.class )
@CleanupLevel ( Level.CLASS )    // cleanup scope : per test class
@Factory ( TestLDAPOperations.MyFactory.class )
public class TestLDAPOperations
{
    // the embedded server used by the tests
    public static DirectoryService service;

    public static class MyFactory implements DirectoryServiceFactory
    {
        // ... (initialize the server)
    }

    // ...

    @Test public void testDelete() throws NamingException
    {
        // ...
    }
}
Added entry :
Entry : ou=Test,dc=Apache,dc=Org
Change type is ADD
Attributes :
  createTimestamp:
    20080410001440Z
  ou:
    Test
  objectClass:
    organizationalUnit
    top
  creatorsName:
    0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
Reversed added entry :
Entry : ou=Test,dc=Apache,dc=Org
Change type is DELETE
Modified entry :
Entry : ou=Test,dc=Apache,dc=Org
Change type is MODIFY
Modifications :
  Operation: REPLACE
  Attribute: description
    New Value
Reversed modified entry :
Entry : ou=Test,dc=Apache,dc=Org
Change type is MODIFY
Modifications :
  Operation: REPLACE
  Attribute: description
    Old Value
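The tag / run / revert cycle from the rollback slides, as an added Java example (not ADS code and not part of the original presentation): a flat in-memory directory logs the reverse of every change, so a test that fails halfway is still rolled back. Class and method names are hypothetical, and the entries are constructed sample data.

```java
import java.util.*;
// Added illustration; class and method names are hypothetical, not ADS classes.
public class ChangeLogRollbackDemo {
    // DN -> attributes (single-valued to keep the sketch short)
    static final Map<String, Map<String, String>> dir = new TreeMap<>();
    // Every applied change pushes its reverse operation here
    static final Deque<Runnable> reverseLog = new ArrayDeque<>();
    static int tag() { return reverseLog.size(); }

    static void add(String dn, Map<String, String> attrs) {
        if (dir.containsKey(dn)) throw new IllegalStateException("entry exists: " + dn);
        dir.put(dn, new HashMap<>(attrs));
        reverseLog.push(() -> dir.remove(dn));        // reverse of ADD is DELETE
    }

    static void delete(String dn) {
        Map<String, String> old = dir.remove(dn);
        if (old == null) throw new IllegalStateException("no such entry: " + dn);
        reverseLog.push(() -> dir.put(dn, old));      // reverse of DELETE re-adds the saved entry
    }

    static void replace(String dn, String attr, String value) {
        Map<String, String> e = dir.get(dn);
        if (e == null) throw new IllegalStateException("no such entry: " + dn);
        String old = e.put(attr, value);
        // reverse of REPLACE restores the old value, or removes an attribute that was absent
        reverseLog.push(() -> { if (old == null) e.remove(attr); else e.put(attr, old); });
    }

    // Undo, newest first, everything logged after the tag
    static void revert(int tag) {
        while (reverseLog.size() > tag) reverseLog.pop().run();
    }

    // Runs one test between a tag and a revert; the finally block covers failing tests
    static boolean runIsolated(Runnable test) {
        int t = tag();
        try { test.run(); return true; }
        catch (RuntimeException ex) { return false; }
        finally { revert(t); }
    }

    public static void main(String[] args) {
        add("dc=Apache,dc=Org", Map.of("dc", "Apache"));   // constructed baseline data
        add("ou=People,dc=Apache,dc=Org", Map.of("ou", "People", "description", "Old Value"));
        Map<String, Map<String, String>> baseline = new TreeMap<>();
        dir.forEach((dn, a) -> baseline.put(dn, new HashMap<>(a)));
        boolean first = runIsolated(() -> {
            add("ou=Test,dc=Apache,dc=Org", Map.of("ou", "Test"));
            replace("ou=People,dc=Apache,dc=Org", "description", "New Value");
            delete("ou=People,dc=Apache,dc=Org");
            throw new IllegalStateException("assertion failed mid-test");
        });
        // Succeeds only if the failed test's ADD was rolled back
        boolean second = runIsolated(() -> add("ou=Test,dc=Apache,dc=Org", Map.of("ou", "Test")));
        System.out.println("first=" + first + " second=" + second + " restored=" + dir.equals(baseline));
    }
}
```

Reverting newest-first matters here: the deleted entry has to be re-added before its description can be put back to the old value.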
Advanced options
• You can define different scopes
  – Test
  – Class
  – Suite
  – System
ADS Advanced benefits
Part 3
Triggers and Stored-procs
• ADS supports Triggers and Stored-Procedures
• Currently, must be Java code
• In the future, scripting languages will be supported
Backup deleted entries
AFTER Delete
    CALL "com.example.ldap.util.sp.BackupTools:backupDeletedEntry"
    ( $ldapContext "ou=backup,ou=system", $name, $deletedEntry );
Presentation available on our site :
http://directory.apache.org/community%26resources/ldap-stored-procedures-and-triggers-in-apacheds.html
JNDI / ADS API
• JNDI :
    Attributes entry = new AttributesImpl( true );
    Attribute objectClass = new AttributeImpl( "objectClass" );
    objectClass.add( "top" );
    objectClass.add( "organizationalUnit" );
    entry.put( objectClass );
    entry.put( "ou", "Test" );
• ADS API :
    Entry entry = new DefaultClientEntry(
        new LdapDN( "ou=Test, dc=apache, dc=org" ) );
    entry.add( "ObjectClass", "top", "organizationalUnit" );
    entry.add( "ou", "Test" );
Tooling
Part 4
Installation
• Installers for a lot of platforms
  – Mac OS/X
  – Windows
  – Linux RPM, Debian, simple script
  – Solaris (soon)
• Graphic and silent installers
• Multi-instances
• A suite is available (Server + studio )
Studio
• A graphical UI
  – LDAP Browser
  – Schema manager
  – ADS configuration handling
  – More to come ...
• Standalone or Eclipse Plugin
• Written in Java : works everywhere Eclipse works.
Studio
Why a Studio ?
• Existing free Open Source GUIs are poor
  – Jexplorer (Owned by CA)
  – LdapBrowser (no development since 1998)
  – Others are written in C
• Others are available, but they are free for browsing, not for modifications ...
Why Eclipse ?
• Because it's the leading IDE
• The GUI can be delivered as plugins into the IDE or standalone
• A lot of existing plugins are available
Studio : LdapBrowser
DEMO...
Studio : Schema editor
Demo ...
Some numbers ...
• First release : February 2007
• First major version : September 2007
• 1.1.0 released this week :)
• More than 300 issues fixed
• Since 2007, more than 30 000 downloads !
Studio : What are we working on ?
• User's management
• Replication management
• Backend plugin
• Form templating
• ...
Conclusion
Part 5
Production ready ?
• Short answer : yes. But ...
  – Documentation is lacking
  – 1.5 still in development (targeting 2.0 for 2008 Q3)
What's next ?
• 2.0 is expected by the end of 2008
  – Better Documentation
  – New backend support
  – Better performances expected
  – Better Replication
  – Better ACI handling
  – Virtualization
What's next ?
  – Embedded HTTP server (DSML)
  – Enhanced Kerberos support
  – More interoperability (AD, etc)
  – Enhanced Triplesec
  – More tools
  – More OpenLDAP/ADS interaction
JNDI V2
• JNDI sucks™ ...
  – Too wide
  – Bad semantic
• A new LDAP API is needed
  – Will replace JNDI for LDAP specific operations
  – JNDI will still be available
  – Some JSR is currently brewed...
Q & A
Thanks
• Apache, of course !
  – And specifically to Alex who started the project 5 years ago
  – To all the committers, users...
• OpenLDAP and Symas peeps
  – Because they are great people !
  – Howard Chu, Kurt Zeilenga...
• The OpenGroup
Links
http://directory.apache.org
http://openldap.org
...