Hi guys,
I started to check the ACI code last week, and it drove me to the
subentry code. This is currently what I'm reviewing.
At first, I was puzzled by the parser, as we seems to mix filters and
refinements. Then I thought that using filters in a subtree
specification was a incredibly wrong idea, but Stefan convinced me that
I was wrong : it's a damn good idea !
So here is what I'm currently working on. First, what is already done :
- fixed a few bugs in the parser (not refinement does not take many
refinements)
- made the parser schema aware
- improved the subentry cache
- used an enum to describe the administrative roles
Now, what I will do soon :
- review the subentry interceptor
- move the cache out of the subentry interceptor to the directory
service instance (this cache is accessed from the AuthzInterceptor)
It should be quite fast.
Then the next step will be to rework the ACI cache, as it's not
initialized at startup (the subentry cache is).
One more thought : we don't support Inner Administrative Area (IAA).
This could be a problem, but its certainly not urgent for 2.0. There is
also a JIRA about this problem (DIRSERVER-257) : right now, we only have
Autonomous Admnistrative Areas, and they can overlap (so we don't need
IAA). This issue will probably be postponed.
For those who have no clue about what is a IAA or a AAA, it's quite
simple : both define a set of entries, starting at a point in the tree
(the AdministrativePoint), but a AAA stops when a new one starts. A IAA
can be included into a AAA, which is not allowed for two AAAs (they are
not allowed to overlap).
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
